This regulation establishes the policy for the classification, downgrading,
declassification, transmission, transportation, and safeguarding of information
requiring protection in the interests of national security. It primarily pertains
to classified national security information, now known as classified information,
but also addresses controlled unclassified information, to include for official
use only and sensitive but unclassified. For the purposes of this regulation,
classified national security information, or classified information, is defined
as information and/or material that has been determined, pursuant to
EO 12958
or any predecessor order, to require protection against unauthorized disclosure
and is marked to indicate its classified status when in documentary or readable
form. This regulation implements Executive Order (EO) 12958 and Department
of Defense Regulation 5200.1-R. This regulation contains the minimum
Department of the Army (DA) standards for the protection of classified information
and material. Such standards may be enhanced but never lessened at command
option. This regulation also establishes the DA policy on the safeguarding
of Restricted Data (RD) and Formerly Restricted Data (FRD) as specified by
the Atomic Energy Act of 1954. This regulation also provides guidance on the
proper handling of sensitive unclassified material. A restatement and interpretation
of the policy concerning the protection of controlled unclassified information
is included in this regulation as chapter
5
. This regulation does not establish
the special, additional policy for the safeguarding of special category information
to include Sensitive Compartmented Information (SCI) or Communications Security
(COMSEC), which can be found in AR 380-28 and AR 380-40 respectively.
It does address the protection of information in an automated environment
(app
E
) and Special Access Programs (SAPs) (app
I
).

Security is a command function. Commanders, Officers in Charge (OIC),
and heads of agencies and activities (referred to as commanders), will effectively
manage the information security program within their commands, agencies, activities,
or areas of responsibility (referred to as commands). Commanders may delegate
the authority to execute the requirements of this regulation, where applicable,
but not the responsibility to do so. Security, including the safeguarding
of classified and sensitive information and the appropriate classification
and declassification of information created by command personnel, is the responsibility
of the commander. The commander will--

Supervisory personnel (to include those in command positions) have
a key role in the effective implementation of the command's information security
program. Supervisors, by example, words, and deeds, set the tone for compliance
by subordinate personnel with the requirements to properly safeguard, classify,
and declassify, information related to national security. The supervisor will--

All DA personnel, regardless of rank, grade, title, or position,
have a personal, individual, and official, responsibility to safeguard information,
related to national security, that they have access to. All DA personnel will
report, to the proper authority, the violations by others that could lead
to the unauthorized disclosure of classified and sensitive information. This
responsibility cannot be waived, delegated, or in any other respect, excused.
All DA personnel will safeguard all information and material, related to national
security, especially classified information, which they access, and will follow
the requirements of this and other applicable regulations.

This regulation governs the Department of the Army information security
program and applies to all DA personnel to include military and civilian members
of the Active Army, Army National Guard (ARNG), and Army Reserve (USAR). Information
relating to national security will be protected by DA personnel and employees
against unauthorized disclosure. For the purposes of this regulation, DA personnel
includes any active or reserve military personnel or National Guard, assigned
or attached to a Department of the Army installation or activity, and persons
employed by, assigned to, or acting for, an activity within the Department
of the Army, including contractors, licensees, certificate holders, and grantees,
and persons otherwise acting at the direction of such an activity.

(3)
Persons who have executed
an appropriate non-disclosure agreement.
AR 380-67
contains policy
on the personnel security clearance program. Note: The holder, not the potential
receiver, of the information, determines the need-to-know and
is responsible for verifying the clearance and access authorization of the
potential receiver. No person will be granted access to classified information
solely by virtue of rank, title, or position.

The statutory authority for this regulation is derived from
Title
18
, of the United States Code (USC), the Atomic Energy Act of 1954, as amended,
Executive Orders, issuances from the Office of Management and Budget (OMB),
and the Security Policy Board (SPB).

This regulation requires the creation, maintenance, and disposition,
of records, to document and support the business processes of the Army. Recordkeeping
requirements are found in
section II
of appendix F, of this regulation, and
AR 25-400-2
.

Within the Federal Government, and the Office of Management and
Budget, are a number of offices designed to oversee and implement
EO 12958
.
These offices issue directives, as necessary and these directives are binding
to all the components. Directives issued by these offices establish standards
for--

The Director of the Information Security Oversight Office (ISOO)
is delegated the responsibility for the implementation and monitorship functions
of these programs. The details on the make-up and responsibilities of
these offices are contained in
EO 12958
, a reprint of which can be found in
appendix
B
, of this regulation.

The primary purpose of this regulation is to implement EO 12958
and its implementing Department of Defense directives.
EO 12958
does not apply
to information classified as Restricted Data (RD) or Formerly Restricted Data
(FRD). Nothing in EO 12958 supersedes any requirement made by, or under, the
Atomic Energy Act of 1954, as amended. Of particular importance is that neither
RD nor FRD information is subject to the automatic declassification provision
of EO 12958, as specified in chapter
3
of this regulation. RD and FRD information
will not be declassified without the specific permission of the Department
of Energy (DOE). RD and FRD shall be safeguarded, classified, downgraded,
and declassified, per the provisions of the Atomic Energy Act of 1954, as
amended, and by DOD and Army policy. The Army policy on the marking and safeguarding,
of RD/FRD information, is contained in chapters
4
and
6
, respectively, of
this regulation. RD and FRD information will be safeguarded, as required by
this regulation, for other information of a comparable level of security classification.
The policy on the classification, downgrading, and declassification, of RD
and FRD information, is stated in classification and declassification guidance
promulgated by the DOE, or in guidance issued jointly by the DOD and DOE.

Security classification and declassification policies apply to SCI,
COMSEC, and SAPs information in the same manner as other classified information
(see app
C
for guidance on declassification of cryptologic information and
appendix
I
, of this regulation, for more information on SAPs). SCI, COMSEC,
and SAPs information will be controlled and safeguarded in accordance with
AR 380-28, AR 380-40, and
AR 380-381
, respectively.

Commanders will establish procedures to make sure that prompt and
appropriate action is taken concerning a violation of the provisions of this
regulation, especially in those cases involving incidents which can put classified
information at risk of compromise, unauthorized disclosure, or improper classification
of information. Such actions will focus on a correction or elimination of
the conditions that caused or contributed to the incident.

EO 12958
, paragraph 5.7(e)(2), requires that the director of the
ISOO be advised of instances in which classified information is knowingly,
willfully, or negligently disclosed to unauthorized persons, or instances
of classifying, or continuing the classification of, information in violation
of this regulation. Reports of those instances will be submitted through command
channels to DAMI-CH for forwarding to the director of the ISOO and other
defense officials as appropriate. See chapter
10
for reporting of other security
incidents.

HQDA is required to report data necessary to support various requirements
of
EO 12958
. Commanders will respond to those data calls when so notified.
MACOMs and the HQDA SAAA will also submit a consolidated annual report, for
all units under their security responsibility, on
SF 311
, to reach DAMI-CH
no later than 1 October, or other date specified by DAMI-CH, each fiscal
year. The report will cover the preceding fiscal year. DAMI-CH will
consolidate and submit the annual SF 311 report for the Army. Interagency
Report Control Number 0230-GSA-AN applies to this report.

MACOM, agency, and MSC commanders will establish and maintain a
self-inspection program for their command, and a program to inspect
their subordinate units. The program must be based upon program needs and
the degree of involvement with classified and sensitive information. The purpose
of the program will be to evaluate and assess the effectiveness of the command's
protection of classified and sensitive information and adherence to Army policy
contained in this regulation. Inspections will be conducted annually unless
the command's higher headquarters determines that the quantity of classified
and sensitive holdings and material generated does not warrant that frequency.
In those cases, inspections will occur not less frequently than once every
other year. This will not dismiss other annual requirements outlined in this
regulation.

Original classification is the initial determination by an OCA that
an item of information could be expected to cause damage to national security
if subjected to unauthorized disclosure. Damage to the national security means
harm to the national defense or foreign relations of the United States from
the unauthorized disclosure of the information, to include the sensitivity,
value, and utility of that information. It includes military operations in
support of national objectives when those operations involve information that
meets the criteria of classification. This decision will be made only by persons
specifically authorized in writing to do so, have received training in the
exercise of this authority, and have program or program support responsibility
or cognizance over the information. The decision to originally classify must
be made based on the requirements of this regulation. Delegations of original
classification authority will be limited to the minimum required and only
to officials who have a demonstrable and continuing need to exercise it.

DA personnel who generate material which is to be derivatively classified
are responsible for making sure that the classification is properly applied
based on the original source material marking and local security classification
guides. DA personnel who apply derivative classification should take care
to determine whether their paraphrasing, restating, or summarizing of classified
information has removed all or part of the basis for classification. Certain
information that would otherwise be unclassified, may require classification
when combined or associated with other unclassified information. This is referred
to as classified by compilation. However, a compilation of unclassified items
of information is normally not classified. In unusual circumstances, classification
may be required if the combination of unclassified items of information provides
an added factor that warrants classification. Similarly, a higher classification
may be assigned to compilations of information that warrants higher classification
than that of its component parts. Classification on this basis shall be fully
supported, in writing, accompanying the compilation document. See paragraph
2-8
for specific classifying criteria.

Officials who sign or approve derivatively classified material are
responsible for the accuracy of the derivative classification. This applies
to all forms of material and information regardless of the media involved.
Personnel accomplishing derivative classification will--

The decision to apply original classification requires the application
of judgment, on the part of the classifier, that the unauthorized disclosure
of the information could reasonably be expected to cause damage to the national
security, and that the probable damage can be identified or described. It
is not necessary for the original classifier to produce a written description
of the damage at the time of classification, but the classifier must be prepared
to do so if the information becomes the subject of a classification challenge,
a request for mandatory review for declassification, or a request for release
under the Freedom of Information Act. The decision to classify also has operational
and resource impacts as well as impacts affecting the United States technological
base and foreign relations. The decision to classify should consider all relevant
factors. If there is doubt about classification, the OCA will research the
matter to make an informed decision. If, after such research, there is a significant
doubt about the need to classify information, it will not be classified. In
making a decision to originally classify an item of information, an original
classification authority will--

U.S. classification can only be applied to information that is owned
by, produced by or for, or is under the control of, the United States Government.
This is determined by the original classification authority that the unauthorized
disclosure of the information reasonably could be expected to result in damage
to the national security, and the information falls within one or more of
the following categories specified in section 1.5 of
EO 12958
:

Information will be declassified as soon as it no longer meets the
standards for classification. Information will remain classified as long as
it is in the interest of national security and meets the criteria stated in
this regulation. At the time an item of information is originally classified,
the original classifier must decide the length of time the information will
require classification and select an appropriate declassification date or
event. The term "time or event phased declassification
date," used for acquisition programs, is also synonymous with the
term "declassification date" as used in this regulation. The
declassification date indicates when the information no longer requires protection
in the interests of national security. When deciding on the declassification
date or event, the following options are the only ones available to the OCA:

An original classification authority who has made a decision to
originally classify information is responsible for communicating that decision
to persons who will likely be in possession of that information. This will
be accomplished by issuing classification guidance, discussed in
section V
of this chapter, or by making sure that a document containing the information
is properly marked to reflect the decision. Marking requirements for classified
material, including page and paragraph markings, are covered in chapter
4
of this regulation.

Generally, a compilation of unclassified items of information is
not classified. In unusual circumstances, compilation of items of information
that are individually unclassified can be classified if the compiled information
reveals an additional association or relationship that matches criteria for
classification as described in paragraph
2-8
of this regulation. Classification
by compilation will be fully supported by a written explanation that will
be provided on, in, or with, the material containing the information. An OCA
must be consulted if guidance is required concerning whether or not the compilation
results in classification.

Classification and safeguarding of information involved in the DOD
acquisition process will conform to the minimum standards of this regulation,
as well as the requirements of
DODD 5000.1
and DOD Instruction
(DODI) 5000.2
(or successor directives and instructions). The term "time or event
phased declassification date", used for acquisition systems, is synonymous
with the term "declassification date" used in this regulation.

EO 12958
and the Atomic Energy Act of 1954 provide the only basis
to classify information. Information will only be classified when it requires
protection in the interest of national security as specified in this regulation.
Classification cannot be used to conceal violations of law, inefficiency,
or administrative error, or to prevent embarrassment to a person, organization,
agency, or to restrain competition. Basic scientific research and its results
can be classified only if it clearly relates to the national security. Section
VI of this chapter covers information that is a product of non-government
research and development, that does not incorporate, or reveal, classified
information to which the producer, or developer, was given prior access.

A Security Classification Guide (SCG) will be issued for each system,
plan, program, or project in which classified information is involved. Agencies
with original classification authority will prepare classification guides
to facilitate the proper and uniform derivative classification of information.
These guides will conform to standards contained in directives and regulations
issued under
EO 12958
and this regulation.

Information that is a product of contractor or individual Independent
Research and Development (IR&D) or Bid and Proposal (B&P) efforts,
conducted without prior or current access to classified information associated
with the specific information in question, cannot be classified unless:

Information will be declassified when it no longer meets the standards
and criteria for classification. The authority to declassify information resides
with the OCA for that information and those appointed as declassification
authorities, subject to the criteria specified in
EO 12958
and/or successor
orders and directives. Department of the Army files and records will not be
declassified without prior review to determine if continued classification
is warranted and authorized. EO 12958 contains provisions for four declassification
programs as follows:

Restricted Data (RD) and Formerly Restricted Data (FRD) are not
subject to
EO 12958
. This information is classified under the Atomic Energy
Act of 1954, as amended. Declassification of RD and FRD information will only
be affected with the express specific approval of the classification authority
for the information. Generally, this is the Department of Energy (DOE) or
DOE in conjunction with DOD.

a.
EO 12958
sets forth policy on the declassification
of information. In particular,
EO 13142
, the amendment to section 3.4 of the
EO 12958, requires the automatic declassification of all U.S. classified documents
(other than RD or FRD) contained in records that are more than 25 years old
on 17 October 2001, or are determined to have permanent historical value under
Title 44, USC
, unless that information has been exempted from automatic declassification.
The declassification requirement will exist for all records of permanent historical
value as they become 25 years old.
AR 25-400-2
identifies Army
files determined to be of permanent historical value under Title 44, USC,
unless that information has been exempt. If not exempt, automatic declassification
will occur whether or not the records have been reviewed. Records that are
reviewed and are then exempted will not be automatically declassified.

a.
In accordance with
EO 12958
, the Army has identified
and proposed specific designated file series, with description and identification
of information in those file series, to be exempt from the 25-year automatic
declassification.

a.
Documents that are exempted from automatic declassification
after 25 years, will be marked with the designation "25X", followed
by the number of the exemption category (see categories listed in
paragraph
3-6e
), or by a brief reference to the pertinent exemption.
For example, "25X-Human Source," notes the information
is exempted from automatic declassification because it reveals the identity
of a human source, as described in exemption 1. It could also be marked 25X1.
If the document is exempt because of a human source, do not mark a declassification
date. All other exemptions will be marked with a future declassification date,
or event, established by the exempting authority. For example, a document
created in 1974 is reviewed and found to contain information that requires
classification beyond 17 October, 2001, because of exemption category
4, "Reveal information that would impair the application of state of the art technology
within a U.S. weapon system." The exemption authority determines that
the information must remain classified at least 15 years past the mandatory
declassification date of 1999 (1974 + 25 = 1999). They would set
the declassification date in ten-year blocks, per paragraph
2-11
.
This means the information could be declassified on 31 December 2019 (1999 +
20 = 2019). In this case, the declassification instructions for the
document could be written as: "Declassify on 25X4, 31 December
2019" or "Declassify On: 25X - State of the art technology
within the U.S., weapon system, 31 December 2019".

Downgrading information is appropriate when the information no longer
requires protection at the originally assigned level. Classified information
can be upgraded to a higher level of classification only if holders of the
information can be notified of the change so that the information will be
uniformly protected at the higher level. The OCA is authorized to downgrade
and upgrade information and is responsible for notifying holders of the change
in classification.

Classified information may be upgraded to a higher level of classification
only by officials who have been delegated the appropriate level of original
classification authority, in accordance with chapter 2,
section II
, of this
regulation. Information may be upgraded only if holders of the information
can be notified of the change so that the information will be uniformly protected
at the higher level. The OCA making the upgrading decision is responsible
for notifying holders of the change in classification.

Classified material will be destroyed completely to preclude recognition
or reconstruction of the classified information contained in or on the material.
Destruction methods include burning, crosscut shredding, wet pulping, melting,
mutilation, chemical decomposition, and pulverizing. This section contains
basic concepts and guidelines that assist in determining the sufficiency of
the various destruction techniques. This section also provides residue dimension
standards that will assist in achieving secure destruction. Destruction will
be accomplished in accordance with these guidelines.

The guidelines in this chapter are acceptable when employed in a
timely manner to prevent excessive accumulation and in conjunction with
the "secure volume" and "data density" concepts of destruction,
explained below.

Shredding, pulping, and pulverizing machines built to produce the
above residue standards are used primarily in the destruction of classified
paper-based products. Classified waste containing typing ribbon, aluminum
and plastic offset printing mats, and other non-paper-based products
require special handling. They must be segregated, marked to reflect their
content and classification, and dealt with on an individual basis. These items
can cause serious damage if allowed to accidentally enter some of these machines.
Thus, every effort must be made to keep foreign matter out of burn bags. Non-paper-based
classified material is to be disposed of as follows when a pyrolytic furnace
is not available or is inappropriate:

Destruction devices generally can be obtained through the National
Supply System (FSC Group 36, Part II). Technical guidance concerning appropriate
methods, equipment, and standards for the destruction of classified electronic
media and processing equipment components, can be obtained by submitting all
pertinent information to the National Security Agency, Attention: NSA/CSS
Directorate for Information Systems Security, Fort Meade, MD 20755. Technical
guidance concerning the standards for the destruction of other storage media
can be obtained from: Intelligence Materiel Activity (IMA), Fort Meade, MD
20755-5315.

Marking is the principal means of informing holders of classified
and sensitive information of its classification/sensitivity level and protection
requirements. Within the Department of the Army, classified and sensitive
material will be identified clearly by marking, designation, electronic labeling,
or if physical marking of the medium is not possible, by some other means
of notification. The term "marking" as used in this regulation
is intended to include all these methods of notification. The
term "document" as used in this section is meant to apply to all classified
and unclassified material, no matter what form (paper, electronic, etc.) it
is in. Classification/sensitivity markings must be conspicuous. Original and
derivative classifiers are responsible for application of the appropriate
classification/sensitivity markings. The requirements for marking information
and material within the intelligence community are a little different. These
requirements can be found in appendix
D
, of this regulation, and successor
Director of Central Intelligence Directives (DCID). The requirements of this
chapter do not apply to the marking of security containers. The only markings
allowed on security containers are those outlined in paragraph
7-8
of
this regulation. Marking serves these purposes:

General requirements are shown in this section. Each of these requirements
is explained in more detail in a separate section of this chapter. Figures
4-1
through
4-13
, at the end of this chapter, provide examples
of the most typical situations. These figures are not intended to cover all
situations. Material other than paper documents require the same markings
and must have the same information either marked on it or made available to
holders by other means of notification. While not a requirement, the holder
of an improperly marked classified document should contact the document originator
to obtain correct markings. Classified and sensitive material will bear the
following markings:

Classified and sensitive documents will be marked to show the highest
classification/sensitivity of information contained in the document. For documents
containing information classified at more than one level, the overall marking
will be at the highest level. For example, if a document contains some information
marked "SECRET" and some information
marked "CONFIDENTIAL", the overall marking would
be "SECRET". This marking must be conspicuous enough to alert
personnel handling the material that it is classified and must appear in a way
that will distinguish it clearly from the text of the document. The overall
classification/sensitivity will be conspicuously marked, stamped, or affixed
(with a sticker, tape, etc.), top and bottom, on the front and back covers
(if the document has covers), on the title page (if there is one), and on the
first page, in letters larger than those on the rest of the page. If it is not
possible to mark classification/sensitivity in letters which are larger than the
rest of the text (for example, on covers of documents or graphics), apply
classification/sensitivity markings in any manner that is immediately noticeable.
To promote reproducibility, classification/sensitivity and associated markings
will be applied in black or other dark ink. The use of red ink is discouraged.
If the document or other material has no front cover, the first page will be
the front page. If it has a cover, the first page is defined as the first page
that can be seen when the cover is turned back or opened. In some documents,
the title page and first page can be the same.

Classified and sensitive documents will be marked on the face of
the document with the date of the document, the command that originated it,
the office or agency which originated it, and "U.S. Army" or"Army"
if it is not clear from the name of the command that it is a
DA activity originating the document. This information will be clear enough
to allow the recipient of the document to contact the preparing office if
questions or problems about classification arise.

Each classified and/or sensitive document must show, as clearly
as possible and feasible, which information in it is classified and/or sensitive
and at what level. That will be done in the following manner:

(5)
Paragraph 5-410,
DODD 5200.1-R
stated that the
caveat "NOFORN" will no longer be used. This has since been rescinded.
Effective with the release of Director of Central Intelligence Directives
(DCID) 1/7 (see app
D
) and DCID 5/6, both dated 30 June 1998, the use
of "US ONLY," to mark information that must be restricted to U.S.
nationals, will cease. Until revoked, this type of information will be
marked "NOFORN." This applies to all media, including hard copy,
digital, and graphic.

(8)
See appendix
D
for
an explanation of marking certain intelligence control markings (for instance,
ORCON and PROPIN). Portion marking of those intelligence control markings
will follow the policy as stated in DCID 1/7 and successor directives.

Each classified document will be marked with the source of the classification.
For originally classified documents, that identification will be preceded
by the term "Classified by". In cases of derivative classification,
the source of classification is derived from either:

Each originally classified document will bear a concise line that
describes the reason for the decision to classify. This requirement applies
only to originally classified documents and does not apply to derivatively
classified documents. The "Reason" line will not be used on
wholly derivatively classified documents. The "Reason" line
is placed between the "Classified by" line and
the "Declassify on" line. The reason(s) to classify relates to
the categories of what can be classified, as specified in paragraph
2-8
.
The "Reason" line will either:

Each classified document (except those containing RD and FRD) will
be marked on the face of the document with a "Declassify on" line,
with instructions for the declassification of the information. This
applies for all classified documents, both originally and derivatively classified.
The "Declassify on" line will be completed as follows:

b.
Derivatively classified documents. In a derivatively classified document there
may be one source from which the classification is derived, or there may be
several sources. The source may have been classified after 14 October 1995
(the date the requirements of
EO 12958
went into effect) and reflects the
current system of conveying declassification instructions. The source may
have been classified prior to 14 October 95 under the former system in which
the use of the term Originating Agency Determination Required (OADR) was often
used. Or, the source may have been classified after 14 October 95 but still
reflects the former system of conveying declassification instructions. Even
in cases in which only one source document is used, and often in cases in
which several sources are used, different declassification instructions may
apply to the various items of information in the document being created. To
ensure that all the information in the document is protected for as long as
necessary, the most restrictive declassification instruction that applies
to any of the information in the document will be placed on the "Declassify
on" line. The term "most restrictive" means the latest
date or event, or the date or event furthest in the future. Throughout this
regulation the term "OADR" is used strictly because there are
documents out there with this term. The term "OADR" is no longer
authorized.

(2)
If all the information in the document has been extracted from a document
created before 14 October 1995 (the effective date of
EO 12958
) and was
marked "OADR", place the statement "Source marked
OADR" on the "Declassify on" line, followed by the date
of the document after the words "Date of Source". For example, a
derivative classifier extracts classified information from a document dated 3 June
1992 and marked "OADR". The newly created document containing that
extract will be marked, "Declassify on: Source marked OADR; Date of
Source: 3 June 1992." When using several sources of information
marked " OADR", the "Date of Source" line will reflect
the most recent date (the document with the latest date). For example, one source is
dated 2 August 1993 and one is dated 1 September 1995. In this case, the newly
created derivatively classified document will be marked:
Derived from:
Multiple Sources
Declassify on: Source marked OADR;
Date of Source:
1 September 1995

(2)
When using information from sources marked with the current
EO 12958
exemption markings (X1 through X8), the "Declassify on" line
will be marked with all exemptions that apply to all sources used. For example,
if one source cited "X2", another cited "X3" and
the third cited "X5", the Declassify on line would
read: "Declassify on: X2,3,5". The most recent date will be used on
the "Date of Source" line. For example, a derivatively classified
document that uses three sources with the latest source dated 10 February 1996, will
be marked:
Derived from: Multiple Sources
Declassify on: Sources
marked X2,3,5
Date of Source: 10 February 1996

Chapter
3
provides the policy for marking information contained
in records that will be more than 25 years old on 17 October 2001, and have
been determined to have permanent historical value under
title 44, USC
. In
summary, under
EO 13142
, amendment to
EO 12958
, section 3.4, information more
than 25 years old by 17 October 2001, and that is contained in records that
have been determined to have permanent historical value under title 44, USC
will be automatically declassified starting on 17 October 2001, unless that
information is exempted from declassification. The exemption categories, required
markings, and the DA policy for handling this program are discussed in chapter
3
of this regulation. This section is not intended to prescribe the policy
for addressing the review of that information. That policy is contained in
chapter
3
. This section prescribes the policy to follow when material, that
will be over 25 years old by 17 October 2001, is used as the source for derivatively
classifying a newly created document. Commands will consult
AR 25-400-2
and local records managers for advice on what constitutes a file determined
to have permanent historical value under Title 44, USC. In creating new documents
using the old sources that will be over 25 years on 17 October 2001, it will
make a difference whether or not the information has already been reviewed
to determine if it is in a record that has been determined to have permanent
historical value and whether or not it has been reviewed to determine if it
will be declassified or exempted from automatic declassification. There are
three possible options:

a.
The information is determined to be of permanent
historical value under title 44, USC, has been reviewed for continued classification,
and qualifies under one or more of the exemptions listed in paragraph
3-6e
of this regulation (section 3.4 of
EO 12958
). If it qualifies for exemption,
the exemption category and the future date or event for declassification (if
one applies) will be shown on the document, file, or record. When one of these
documents is used as a source in classifying a derivatively classified newly
created document, use the term shown on the document or record that was applied when
the information was reviewed. That term will be "25X" followed by the
appropriate exemption category that pertains to information
exempted from declassification at 25 years and state the new declassification
date or event, if one has been determined. For example, "25X3(31 December
2015)" if the information is exempted because it reveals information
that would impair U.S. cryptologic systems and now has been determined to
be declassified on 31 December 2015. Sometimes there will only be the exemption
category with no date or event listed for declassification. For
example, "25X1" if the information would reveal the
identity of a human intelligence source.

In certain circumstances, warning notices will be required if the
document contains certain categories of information for which the notice applies.
In addition to the notices listed below, other notices may be required by
other DA regulations. Unless another regulation or authorized administrative
publication prescribes different placement, these notices will be placed on
the cover (or first page where there is no cover) of the document.

h.
DODD 5230.24
requires distribution
statements to be placed on technical documents, both classified and unclassified.
These statements facilitate control, distribution and release of these documents
without the need to repeatedly refer questions to the originating activity.
The originating office may, of course, make case-by-case exceptions
to distribution limitations imposed by the statements. Distribution statements
on technical documents will be marked with notices that say, in essence, the
following:

j.
Documents containing information provided by a
foreign government or international organization. See
section VII
of this chapter
for complete policy on marking information provided by a foreign government or
international organization. Examples of an international organization are the United
Nations (UN) and the North Atlantic Treaty Organization (NATO). The following example
pertains to NATO. The same policy applies to any other international organization by
replacing the word "NATO" with the appropriate name or abbreviation for
that organization. DA classified documents that contain extracts of NATO classified information
will bear a marking substantially as follows: "THIS DOCUMENT CONTAINS
NATO CLASSIFIED INFORMATION"

l.
Other Warning Notices. Subparagraphs
a
through
k
above
represent the most commonly used warning notices. They do not necessarily
represent the only warning notices. There is nothing in this regulation that
prohibits other authorized warning notices from being applied to classified
documents. Where other regulations authorize and require special warning notices,
they may be applied to DA classified documents.

Downgrading instructions are not required for every classified document,
but they must be placed on the face of each document to which they apply.
When the original classification authority has determined that a document
will be downgraded to a lower classification upon the passage of a date or
event, the document will be marked: "Downgrade to SECRET on..." followed by the date or event, and/or "Downgrade to CONFIDENTIAL
on..." followed by the date or event. This marking is placed
immediately before the "Declassify on" line and is used in
addition to, and not as a substitute for, declassification instructions.

If a classified and/or sensitive document has components likely
to be removed and used or maintained separately, each component will be marked
as a separate document. Examples of components are annexes, appendices, major
parts of a report, or reference charts. If the entire major component is UNCLASSIFIED,
it can be marked on its face, top and bottom: "UNCLASSIFIED",
and a statement added: "All portions of this (annex, appendix, etc.)
are UNCLASSIFIED." No further markings are required on this type of
component.

Transmittals are documents that have classified and/or sensitive
documents enclosed with or attached to them. An example is a letter with classified
enclosures or a document that is used to describe the transmission of classified
equipment, documents, or other material. The transmittal document itself may
contain information classified and/or sensitive the same or higher than the
material transmitted. Often the transmittal document itself is UNCLASSIFIED
or classified at a lower level than the material being transmitted or enclosed.

Translations of U.S. classified and/or sensitive information into
a foreign language, will be marked with the appropriate U.S. classification/sensitivity
markings and the foreign language equivalent. Section VIII, of this chapter,
contains a list of foreign language classifications. The translations will
clearly show the United States as the country of origin.

This section does not pertain to documents transmitted by facsimile
(FAX) transmission. Classified and/or sensitive electronically transmitted
messages will be marked the same as any other classified and/or sensitive
document, with the following special provisions:

Documents that contain no classified and/or sensitive information,
but are marked with classification/sensitivity markings for training purposes,
will be marked to clearly show that they are actually UNCLASSIFIED. An appropriate
statement will be placed on each page of the document, for
example, "CLASSIFIED FOR TRAINING ONLY", "UNCLASSIFIED
SAMPLE", or "CLASSIFICATION MARKINGS FOR TRAINING PURPOSES ONLY". The
term "training purposes only" does not mean the sending of
mock or fake classified and/or sensitive messages during field exercises and
subsequently marking them for automatic declassification/destruction on ENDEX
(end-of-exercise). It is used for the purpose of providing examples
of how classified and/or sensitive markings are properly applied, such as
handbooks and other like publications.

Files, folders, and similar groups of documents containing classified
and/or sensitive information will be clearly marked as to the highest classification/sensitivity
of information contained therein. The classification/sensitivity marking will
be on the outside, front and back, and top and bottom, of the file or folder.
Attaching a document cover sheet to the outside of the file or folder is acceptable
in satisfying this requirement. When cover sheets are used, they will not
be attached when the file is in a secure storage container. When cover sheets
are removed, when the item is in secure storage, the file or folder must be
marked to indicate the highest level of classified and/or sensitive information
contained in the file.

There are no special provisions for documents produced by Automated
Information Systems (AIS) which function as word processing systems (see appendix
E
of this regulation for further guidance). Documents produced on an AIS will
be marked like other documents. For other AIS-generated documents, special
exceptions may apply where the application of the marking requirements of
this chapter are not feasible. These exceptions are:

When classified and/or sensitive information is contained in AIS
equipment, hardware, AIS media, or on film, tape, or other audio/visual media,
or in another form not commonly thought of as a document, the marking provisions
of this and other applicable regulations will be met in a way that is compatible
with the type of material. The main concern is that holders and users of the
material are clearly warned of the presence of classified and/or sensitive
information needing protection. The information provided by the other markings
required by this regulation will also be made available, either on the material
or in a document or notice that accompanies it. Particular exceptions are
noted below. The requirements of this chapter do not apply to the marking
of security containers. The only markings allowed on security containers are
those outlined in chapter
7
of this regulation.

Telephone or communications directory notice. Official U.S. Army
telephone or communications directories will display the following notice
on the front cover or prominently within the general information section:
ATTENTION!
DO NOT PROCESS, STORE, OR TRANSMIT CLASSIFIED INFORMATION
ON NONSECURE TELECOMMUNICATIONS SYSTEMS. OFFICIAL DOD TELECOMMUNICATIONS SYSTEMS--INCLUDING
TELEPHONES, FACSIMILE MACHINES, COMPUTER NETWORKS, AND MODEMS--ARE SUBJECT
TO MONITORING FOR TELECOMMUNICATIONS SECURITY PURPOSES AT ALL TIMES. USE OF
OFFICIAL DOD TELECOMMUNICATIONS SYSTEMS CONSTITUTES CONSENT TO INFORMATION
SYSTEMS SECURITY MONITORING.

Blueprints, engineering drawings, charts, maps, and similar items
not contained in a classified and/or sensitive document will be marked with
the overall highest classification/sensitivity of information contained therein.
The classification/sensitivity marking will not be abbreviated, and will be
conspicuous. The classification/sensitivity marking should be applied to the
top and bottom of the material, if possible, or in some manner as to ensure
the classification/sensitivity is readily known. The legend or title must
also be marked to show its classification/sensitivity. An abbreviated marking
in parentheses following the legend or title may be used. If the item is large
enough that it is likely to be rolled or folded, the classification/sensitivity
markings will be placed to be visible when the item is rolled or folded.

Classified and/or sensitive motion picture films and videotapes
must be marked with their classification/sensitivity and warning notices (if
any) at the beginning and end of the played or projected portion. Other required
security markings will be placed at the beginning of the projected or played
portion. Reels and cassettes will be marked with the overall classification/sensitivity
of the item and kept in containers marked with the classification/sensitivity
and other required security markings.

Sound recordings containing classified and/or sensitive information
will have an audible statement of their classification/sensitivity and warning
notices (if any) at the beginning and end of the recording. Reels or cassettes
will be marked with the overall classification/sensitivity of the item and
kept in containers marked with the classification/sensitivity and other required
security markings of the item. Where this is not possible, this information
will be recorded on documentation accompanying the item.

Microfilm, microfiche, and similar media, will be marked so that
the overall classification/sensitivity and warning notices (if any) are shown
in the image area and can be read or copied as part of the item. Such items
also will be marked with the classification/sensitivity markings and at least
an abbreviation of any warning notices applied in such a way as to be visible
to the unaided (naked) eye. Other required security markings will be either
placed on the item or included in an accompanying document or notice.

a.
Further details on the policy to protect and
mark classified and/or sensitive information stored on AIS media is contained
in
AR 380-19
, and appendix
E
, of this regulation. The following minimum
standards are required for removable AIS storage media. Removable AIS storage
media include magnetic tape reels, disk packs, diskettes, CD-ROMs, removable
hard drives, disk cartridges, optical disks, paper tape reels, magnetic cards,
tape cassettes and micro-cassettes, and any other device on which data
is stored, and which normally is removable from the system by the user or
operator. All such devices, containing classified and/or sensitive information,
will be conspicuously marked with the highest level of classification/sensitivity
stored on the device, and with any warning notices that may apply to the information.
Other required markings, for example, classification authority and declassification
instructions, will be marked on the outside of the device. An exception is,
if classified and/or sensitive documents or files are prepared on a word processor
and are stored on a floppy disk, and each document or file bears its own classification
authority and declassification instructions, as entered with the word processor,
the disk does not need to be marked with this information. If the required
information is not stored in readily accessible format on the media, it must
be marked on the outside of the media (for example, with a sticker or tag)
or placed on documentation kept with the media.

If a document is declassified or downgraded earlier than indicated
by its markings, the rules for remarking as stated in paragraph
4-35
will be followed. In addition, the date of remarking and the authority for
the action will be placed on the face of the document. The date of the remarking
is considered the date that the remarking was authorized (for instance, date
of the notice to remark) or, if no date is specified, the date that the material
was physically remarked. The authority for the action is the identity of the
OCA, or the designated declassification authority, who directed the action
and the identification of the correspondence, classification guide, or other
instruction or notification which required it.

If a document is upgraded (assigned a higher level of classification/sensitivity),
all classification/sensitivity markings affected by the upgrading will be
changed to the new markings, without exception. In addition, the date of the
remarking and the authority for the action will be placed on the face of the
document. The date of the remarking is considered the date that the remarking
was authorized (for instance, "Date of Notice to Remark") or,
if no date is specified, the date that the material was physically remarked.
The authority for the action is the identity of the OCA who directed and action
and the identification of the correspondence, classification guide, or other
instruction or notification which required it.

When the volume of material involved in a remarking action is so
large that individually remarking each document is determined by the commander
to cause serious interference with operations, the custodian will attach a
notice to the storage unit providing the required information as stated in
paragraphs
4-35
,
4-36
, and
4-37
. When individual documents
are permanently removed from the storage unit, they must be individually marked
as required in paragraphs
4-35,
4-36, and
4-37. If documents
are removed to be transferred in bulk to another storage unit, they need not
be remarked if the new storage unit also has a proper notice posted.

If information has been marked for declassification on a specific
date or event and the duration of classification is subsequently extended,
the "Declassify on" line will be changed to show the new declassification
instructions, the identity of the OCA authorizing the extension, and the date
of the authorizing action. For example, "Declassify on: Classification
extended on 1 Dec 2005 to 1 Dec 2015 by LTG Soldier, Commanding General, US
Army Classification Command."

Some classified and/or sensitive documents are still in use which
were marked, as specified by earlier versions of this regulation, based upon
an earlier EO. There is no requirement to remark this material with the new
markings specified by this regulation and
EO 12958
. This material will not
be remarked unless specific instructions are received from the original classification
authority. If the material is marked for automatic downgrading or declassification
on a specific date or event, it will be remarked as specified in paragraph
4-34
. If the document does not specify a specific date or event for
downgrading or declassification (for example, if it is marked "Declassify
on: OADR"), it will not be remarked until it reaches 25 years. Chapter
3
contains the policy on the marking of information over 25 years old.

The requirements for declassification, exemptions from automatic
declassification, and extensions of original classification dates apply to
all classified information, including that classified under previous Executive
Orders. Specific policy on classification and marking of information classified
by previous Executive Orders is addressed in this regulation.

Release and distribution of Joint Strategic Planning System (JSPS)
documents will be the same as for other JCS papers except for release to Service
schools and colleges. However, JSPS documents are subject to the following
additional controls:

Each foreign government has its own policy on what information is
classified and/or sensitive and for how long it will remain classified and/or
sensitive. The classification/sensitivity and declassification policy of another
government cannot and, in many cases, does not parallel that of the United
States. When Foreign Government Information (FGI) is disclosed to the United
States, it is done so with the understanding that the information will be
protected and will not be declassified or released to another nation or to
the public without the express permission of the originating government. This
applies to both foreign government documents as well as in situations in which
foreign government information is incorporated in a classified U.S. document.
It is, therefore, important to identify foreign government information that
is contained in U.S. classified documents. Throughout this regulation, when
the term "foreign government" is used, the policy also applies
to international pact organizations (for instance NATO), unless otherwise
specified.

Foreign classification designations generally parallel U.S. classification
designations. The exception is that many foreign governments have a fourth
(lowest) classification level called "RESTRICTED". A table
of the equivalent foreign and international pact organization security classifications
is contained in section VIII.

Classified documents originated by NATO, if not already marked with
the appropriate classification in English, will be so marked. Other markings,
such as the "Classified by/Derived from" line and declassification
instructions will not be placed on documents originated by NATO. Documents
originated by NATO that are marked "RESTRICTED" will be marked
with the following additional notation: "TO BE SAFEGUARDED IN ACCORDANCE
WITH USSAN INSTRUCTION 1-69". The USSAN Instruction 1-69
is implemented within the Department of the Army in AR 380-15 (AR 380-15 is classified NATO CONFIDENTIAL).

Foreign documents containing FGI not classified by the foreign government
but provided in confidence to the Department of the Army or any other element
of the U.S. government or its contractors, will be classified if the information
is covered under one or more or the reasons for classification listed in chapter
2
. If it is deemed classified, it will be marked with the appropriate U.S.
classification. If not, classification markings will not be applied to the
document. If it is not otherwise obvious that the document was provided in
confidence, DA commands can place the notation "FOREIGN GOVERNMENT
(or list the name of the country) INFORMATION PROVIDED IN CONFIDENCE".
That notation is not a requirement but is a consideration for cases in which
the document, or copies of the document, can leave the control of the personnel
who were aware of the confidentiality under which the information was provided.

In addition to the other markings required in this regulation, the
following markings will be used in classified DA documents containing FGI
(see definition of "Foreign Government Information" in appendix
J).

FOUO information can be disseminated within DOD components and between
officials of Army components and Army contractors, consultants, and grantees,
as necessary, in the conduct of official business. FOUO information can also
be released to officials in other departments and agencies of the Executive
and Judicial Branches in performance of a valid government function. Special
restrictions can apply to information covered by the Privacy Act. Release
of FOUO information to members of Congress is covered by
DODD 5400.4
, and
to the General Accounting Office by
DODD 7650.1
.

Sensitive But Unclassified (SBU) information is information originated
within the Department of State which warrants a degree of protection and administrative
control and meets the criteria for exemption from mandatory public disclosure
under the Freedom of Information Act. Prior to 26 January 1995, this information
was designated and marked Limited Official Use (LOU). The LOU designation
will no longer be used.

The Department of State does not require that SBU information be
specifically marked, but does require that holders be made aware of the need
for controls. When SBU information is included in DOD documents, the documents
will be marked as if the information were FOUO. There is no requirement to
remark existing material containing LOU information.

Drug Enforcement Administration (DEA) sensitive information is unclassified
information which is originated by DEA and requires protection against unauthorized
disclosure in order to protect sources and methods of investigative activity,
evidence, and the integrity of pretrial investigative reports. The administrator,
and certain other officials, of the DEA have been authorized to designate
information as "DEA SENSITIVE". The Department of Defense has
agreed to implement protective measures for the following DEA sensitive information
in its possession.

Access to DEA sensitive information will be granted only to persons
who have a valid need-to-know for the information. A security
clearance is not required. DEA sensitive information in the possession of
the Department of Defense, cannot be released outside the DOD without prior
authorization by the DEA.

DOD Unclassified Controlled Nuclear Information (UCNI) is unclassified
information on security measures, including security plans, procedures, and
equipment, for the physical protection of DOD Special Nuclear Material (SNM),
equipment, and facilities. Information is designated DOD UCNI only when it
is determined that its unauthorized disclosure could reasonably be expected
to have a significant adverse effect on the health and safety of the public
or the common defense and security, by increasing significantly, the likelihood
of the illegal production of nuclear weapons or the theft, diversion, or sabotage
of DOD SNM, equipment, or facilities. Information can be designated DOD UCNI
by the SECARMY and individuals to whom they have delegated the authority.

There is no specific marking authorized for the designation
of "sensitive" information. If the information fits within one of the
other categories of information described in this chapter, the appropriate
marking requirements apply.

If sensitive information falls within one of the other categories
of information described in this chapter, the specific limitations on access
for the appropriate category will be applied. If it does not, access to the
information will be limited only to those with a valid need for such access
in order to perform a legitimate organizational function, as dictated by common
sense principles of security management, learned through a proper and thorough
security education program.

DODD 5230.24
and AR 70-11 require distribution statements
to be placed on technical documents no matter if they are classified or unclassified
(See
figure 5-1
). These statements facilitate control, distribution
and release of these documents without the need to repeatedly refer questions
to the originating activity. The originating office can, of course, make case-by-case
exceptions to distribution limitations imposed by the statements.

Figure 5-1. Distribution Statements for Technical
Documents

DA personnel are responsible, both personally and officially, for
safeguarding classified information for which they have access. This responsibility
includes ensuring they do not permit access, to sensitive or classified information,
by unauthorized personnel. Any person who does not have a need-to-know
and who is not cleared or granted access to information at that level, in
accordance with the policy established in
AR 380-67
, is considered unauthorized
personnel. Both the clearance/access authorization and the need-to-know
must be present before access is authorized. The holder of the information,
not the potential recipient, must confirm valid need-to-know and
must verify the level of security clearance or access authorization. This
responsibility, of preventing access by unauthorized personnel, pertains to
any means of access, including auditory and visual means. Care will be exercised
to make sure that classified conversations are not made within hearing distance
of unauthorized personnel. Collecting, obtaining, recording, or removing,
for any personal use whatsoever, of any material or information classified
in the interest of national security, is prohibited.

a.
Prior to granting access to classified information,
DA personnel will receive a briefing outlining their responsibility to protect
classified information and will sign the
SF 312
(Classified Information Nondisclosure
Agreement (NDA)). Cleared personnel who have signed an earlier nondisclosure
agreement, the SF 189 (Classified Information Nondisclosure Agreement) (replaced
by SF 312), and have not already signed the SF 312, do not need to sign the
SF 312. They may, however, elect to replace the old SF 189 with a newly signed
SF 312. National policy requires that SF 312 and SF 189 NDAs be retained for
50 years from the date of signature. Execution of the NDA is mandatory for
all personnel as a condition of access to classified information. It will
be signed once unless verification of previous execution of the form indicates
that the form cannot be located, in which case the form will be signed again
and filed as if it were an original. In order to preclude duplicate NDAs,
reasonable effort will be made to verify an existing NDA prior to asking for
a second form to be signed. The purpose of the NDA is to make sure that personnel
requiring access to classified information are advised of their responsibility
to protect that classified information.

The command will have proof of clearance prior to execution of the
NDA. Proof of security clearance will be the receipt of the completed
DA Form
873
(Certificate of Clearance and/or Security Determination). Other means
of verifying the clearance can come from the Department of the Army Central
Clearance Facility (CCF), a review of individual's personnel file and verification
that it contains the DA Form 873, or the issuance of an interim security clearance.
Upon proof of clearance, a command official, typically the command security
manager, will brief the individual on the responsibilities to protect classified
information. After verification from a picture identification card, the individual
will read, date, and sign the NDA. The command official will witness the execution
of the NDA by signing and dating the form immediately after the individual's
signature. The same official, or another official in the command, that witnesses
the form, can serve as the accepting official.

Copies of nondisclosure agreements, such as
SF 312
or SF 189
or similar forms, signed by civilian personnel, including employees of contractors,
licensees, or grantees, with access to information that is classified under
standards put forth by Executive Orders governing security classification,
fall into this category. These forms should be maintained separately from
personnel security clearance files. Agreements for civilian employees working
for elements of the intelligence community must be maintained separately from
the official personnel folder. These forms, that are maintained separately
from the individual's official personnel folder, will be destroyed when 70
years old.

If a person refuses to sign the NDA, the individual will be advised
of the applicable portions of the NDA,
SF 312
. The individual will be given
five calendar days to reconsider and will not be permitted access to classified
information during that time. At the end of the five-day period, the
individual will again be requested to sign the NDA. If at that point the individual
still refuses to sign the NDA, their classified access, if it had been previously
granted, will be formally suspended, the individual will not be permitted
any access to classified information, the Department of the Army's Central
Clearance Facility will be notified concerning clearance revocation or denial
action, and the matter will be reported as required by
AR 380-67
.

c.
Unless exempted by the senior security official at
the MACOM, security out-processing is required for all cleared personnel
transferring to another DA command or to a Federal Government agency.
Transfers will not require the execution of the type of debriefing statement
described in subparagraph
b
, above. This does not preclude the command from
requesting the transferring individual sign or initial a form or statement
indicating, in substance, that the individual has been advised of the continuing
responsibility to protect classified information and/or has completed the security
out-processing. Personnel transferring will be briefed on the responsibilities
stated in subparagraph
b
, above. Additionally, personnel transferring will be advised
that classified information previously created, or in the custody of, the individual,
including that gained while attending training or conferences, does not belong to the
individual and does not transfer to the gaining command without appropriate approval
by both the gaining and losing commands. Such approval will be based upon the losing
command's assessment of the need-to-know for the information by the gaining
command. Out-processing can also be used as a means to ensure that the
appropriate command security officials are aware of the departure of personnel
to ensure combinations and passwords are changed, keys are returned, accountable
documents and property are under new custody, etc. Where out-processing
is not required for transfers, the command will establish procedures to ensure
that the command security manager is advised of such transfers.

f.
Refusal to sign the
DA Form 2962
or the termination
portion of the NDA, SF 312, will be considered a lack of personal commitment
to protect classified information. Personnel who refuse to sign a termination
statement will not be granted further access to classified information and
their security clearance may be revoked or denied in accordance with
AR 380-67
.

Commanders will establish policy and procedures to ensure that other
command officials and personnel advise the command security manager of any
information affecting an individual's access to classified information. Personnel
officials will make sure that transfer and recruitment documents, including
vacancy announcements, indicate if a security clearance is required for the
position.

Classified information can be made available to individuals or agencies
outside the Executive Branch provided that such information is necessary for
performance of a function from which the U.S. Government will derive a benefit
or advantage, and that such release is not prohibited by the originating department
or agency. MACOM Commanders and the Administrative Assistant to the Secretary
of the Army are designated as Department of the Army Release Authorities.
They are authorized to determine, subject to OCA approval and before the release
of classified information, the propriety of such action in the interest of
national security and the assurance of the recipient's trustworthiness and
need-to-know. This authority can be further delegated, if required.

Commands will develop plans for the protection, removal, and destruction
of classified material in case of fire, flood, earthquake, other natural disasters,
civil disturbance, terrorist activities, or enemy action, to minimize the
risk of its compromise. The level of detail in the plan and the amount and
frequency of testing of the plan is at the command option, subject to MACOM
approval, and should be based upon an assessment of the risk which might place
the information in jeopardy. In this regard, special concern will be given
for locations outside the United States. In preparing emergency plans, consideration
must be given to reducing the amount of classified material on hand, including
the transfer of information to microforms or removable computer media to reduce
bulk, and the storage of less frequently used material at more secure locations.
AR 380-40 contains policy for the emergency protection, including emergency
destruction under no-notice conditions, of COMSEC material.

Storage containers and information processing equipment, which had
been used to store or process classified information, will be inspected by
cleared personnel, before removal from protected areas, and/or before unauthorized
persons are allowed unescorted access to them. The inspection will ensure
that no classified information remains within or on the equipment. Items to
be inspected include security containers, reproduction equipment, facsimile
machines, micrographic readers and printers, AIS equipment and components,
equipment used to destroy classified material, and other equipment used for
safeguarding or processing classified information. A written record of the
inspection will be completed and maintained in accordance with paragraph
7-11
.

Meetings, conferences, classes, seminars, symposia, and similar
activities, at which classified information is to be presented or discussed,
are considered "classified meetings." The classified portions
of these meetings present special vulnerabilities to unauthorized disclosure
and will be limited to persons possessing an appropriate clearance and access
and the need-to-know for the specific information involved. Security
requirements contained elsewhere in this regulation and other applicable security
regulations apply, without exception, to classified meetings.

There are a variety of non-COMSEC-approved equipment
that are used to process classified information. This includes copiers, facsimile
machines, computers, notebooks and other AIS equipment and peripherals, electronic
typewriters, word processing systems, hand-held personal data managers,
etc. Commands will identify those features, parts, or functions of equipment
used to process classified information that can retain all or part of the
information. Command security procedures will prescribe the appropriate safeguards
to prevent unauthorized access to that information, and replace, control,
and/or destroy equipment parts, pursuant to the level of the classified material
contained therein, when the information cannot be removed from them. Alternatively,
the equipment can be designated as classified and appropriately protected
at the retained information's classification level (for instance, by being
installed in a vault approved for the storage of classified information at
that classification level).

Commands will develop procedures to protect incoming mail, bulk
shipments, and items delivered by messenger, until a determination is made
whether classified information is contained in the mail. Screening points
will be established to limit access to classified information.

Material containing TOP SECRET information will be provided continuous
control and accountability. Commands will establish procedures, tailored to
the individual situation, in accordance with the principles of risk management,
for the control and accountability of the TOP SECRET material they hold. These
procedures will provide the means of facilitating oversight and management
of TOP SECRET access controls, assessment and management of holdings, and
identification of material at risk, in cases of potential unauthorized disclosure.
In developing these procedures, the following minimum requirements will be
met.

Commands will establish procedures to control all SECRET and CONFIDENTIAL
information and material originated, received, distributed, or routed to sub-elements
within the command, and all information disposed of by the command by transfer
of custody or destruction. The control system for SECRET and CONFIDENTIAL
information is to be determined by a practical balance of security and operating
efficiency.

Documents and other material containing classified information will
be reproduced only when necessary for the accomplishment of the command's
mission or for compliance with applicable statutes or directives. Reproduction
equipment and the reproduction process involve substantial risk. Therefore,
commands will establish and enforce procedures for the reproduction of classified
material which limit reproduction to that which is mission essential and will
make sure that appropriate countermeasures are taken to negate or minimize
any risk. All copies of classified documents reproduced for any purpose, including
those incorporated in working papers, are subject to the same safeguards and
controls prescribed for the document from which the reproduction is made.
Reproduced material will be clearly identified as classified at the applicable
level. TOP SECRET material will be numbered serially and marked to indicate
its copy number (for example, copy 1 of 2 copies) and accounted for accordingly.
Waste products generated during reproduction will be properly safeguarded
as appropriate to the level of classification contained within, and destroyed
in a manner approved for the destruction of classified information at that
classification level.

c.
The provisions
of subparagraphs
a(l)
and
a(2)
, above, will not restrict the reproduction
of documents for the purpose of facilitating declassification review. After
review for declassification, those reproduced documents that remain classified
must be destroyed in accordance with
section V
of this chapter.

b.
Documents which are no
longer required for operational purposes will be disposed of in accordance
with the provisions of the Federal Records Act (44 USC chapters
21
and
33
)
as implemented by
AR 25-400-2
. Classified information is subject
to the same retention criteria as unclassified information. Special care will
be exercised in the placing of classified information in files designated
under AR 25-400-2 as "permanent". Such files can,
and many are, eventually accessioned into the National Archives. These files
are subject to any automatic, systematic, and mandatory declassification systems
that exist now or will in the future. Resources, at present, cannot permit
a careful review of all of the material prior to declassification. In order
to conserve resources, the declassification review personnel can rely heavily
on the markings on the front of the document and on the
SF 135
for those cases
in which the boxes cannot be opened prior to a decision to employ bulk declassification
based upon a description of the contents of the file box. Resources cannot permit a
careful review for unclassified, "For Official Use Only (FOUO)," information
unless the FOUO markings are conspicuous on the front of the document and on the
portions to which they apply, and are included in the SF 135 description. Command
personnel must be aware that the current policy, as stated in the recent
EO 12958
,
with amendments, refers to the declassification of information contained in permanent
records that have been determined to have permanent historical value, by the Archivist
of the U.S., under
Title 44, U.S. Code
. Therefore, once the classified material has
been placed in a file designated under MARKS (AR 25-400-2)
as "permanent," the information in the files will be subject to the
automatic declassification provisions of the prevailing EO, whether or not reviewed
for declassification by DA personnel.

a.
Classified documents and materials will be destroyed
by burning, or, when meeting the standards contained in chapter
3
, of this
regulation, by melting, chemical decomposition, pulping, pulverizing, cross-cut
shredding, or mutilation, sufficient to preclude recognition or reconstruction
of the classified information. Strip shredders, those that do not have a half-inch
cross cut feature, do not sufficiently destroy the information and are not
authorized for use. MACOMs can approve the use of strip shredders, in exceptional
cases, for use in the destruction of classified material at the SECRET level
and below, under the following conditions: if the equipment was purchased
prior to June, 1986, there are no other means of destruction available to
the command, and additional precautions, such as shredding at least 20 pages
of similar material, not blank paper, at the same time, are utilized to minimize
risk of reconstruction of the material. MACOMs must consider efforts to replace
the strip shredders as soon as possible.

Waivers to the requirements in
sections III
through
V
of this Chapter
can be authorized by MACOM commanders, and for HQDA activities, by the Administrative
Assistant to the Secretary of the Army. This authority will not be further
delegated and does not apply to any other section, Chapter, or appendix
this regulation. Waiver approval will follow the policy discussed in this
Chapter. Waivers pertaining to SAPs will be submitted in accordance with appendix
I
, of this regulation, and
AR 380-381
.

Waivers are normally granted for a limited, specific duration, but
can be approved for an indefinite period, if deemed appropriate, by the approval
authority. In either case, a waiver must be revalidated no less than every
five years. The revalidation will require rejustification of the unique or
unusual circumstances that supports the request for a waiver and a current
assessment to make sure the alternative compensatory measures do afford the
protection to the classified information and that they are sufficient to reasonably
deter and detect loss or compromise and meet the intent of the established
policy being waived.

Waivers will be documented and furnished upon request to other agencies
with whom classified information or secure facilities are shared. The waiver
documentation will describe the alternative compensatory measures and contain
an assessment of how those alternative compensatory measures fulfill the intent
of the protection requirement of the policy being waived. The continuing need
for waivers will be a factor in the command inspection program. The record
of waiver will be made available to inspection personnel and will be maintained
for as long as the waiver is in effect.

Waivers granted prior to the effective date of this regulation are
canceled no later than one year after the effective date of this regulation.
See paragraph
1-19
for waivers pertaining to any requirement beyond
those contained in
sections III
through
V
of this Chapter.

Heads of DA MACOMs, units, activities, and agencies will establish
and maintain a self-inspection program based on program needs and the
degree of involvement with classified information. The purpose of the program
shall be to evaluate and assess the effectiveness and efficiency of the Command's
implementation of the Army Information Security Program. Commands that originate
significant amounts of classified information should be inspected at least
annually.

The previous edition of this regulation required all commands to
establish a program to inspect for the unauthorized removal of classified
information. Although this program, known as the Entry/Exit Inspection Program
(EEIP) is, effective by this regulation, no longer a Department of the Army-wide
requirement, it does remain an effective tool that can be used in command
security programs to deter and detect the unauthorized removal of classified
information. When effectively implemented the EEIP provides visibility and
emphasis to the command security program. Its use is a command option. The
Two Person Integrity (TPI) Program is, effective by this regulation, no longer
a Department of the Army-wide requirement. Personnel are reminded that
the unauthorized disclosure of TOP SECRET information can result in exceptionally
grave damage to national security. TPI is a tool that can be used to better
protect this high level of classification and should be considered for inclusion
in command security programs. Its use is also a command option. Two persons
are required, however, for the destruction of TOP SECRET material as stated
in paragraph
6-29
, and may be required for SAPs (see
AR 380-381
).

Classified information will be secured under conditions adequate
to prevent access by unauthorized persons and meeting the minimum standards
specified in this regulation. An assessment of the threat to the material,
the location of the command, and the sensitivity of the information, will
be considered when determining if the minimum requirements of this Chapter
require enhancement, as determined by the local command. Based upon an assessment
of the threat, the command will institute appropriate security measures designed
to make unauthorized access so difficult that an intruder will hesitate to
attempt to try to gain access or enhance the likelihood of discovery and apprehension
if an unauthorized access is attempted.

b.
As stated in paragraph
7-4a(3)
above, new lock-bar containers
used to store classified material will not be fabricated from either existing
or new cabinets, and existing lock-bar containers will be phased out
and no longer authorized for use after 1 October 2002.

Classified information will not be stored in a personal residence,
on or off a military installation. Classified information will not be stored
in any location outside an approved location at a U.S. Government or cleared
contractor facility. Exceptions are:

Except for classified information released to a foreign government
or international organization, and under the safeguarding of that country
or organization, U.S. classified material will be retained in foreign countries
only when necessary to satisfy specific U.S. Government requirements. Commanders
will take into consideration the additional risk associated with storing,
discussing, and processing classified information outside the United States
in establishing procedures to implement this regulation. Particular attention
will be paid to the foreign release requirements of
AR 380-10
, making
sure that classified material is not accessed by foreign personnel not authorized
access to the information, keeping classified holdings to the minimum required,
making sure that classified material no longer required is frequently and
completely destroyed, making sure that classified discussions and processing
are protected from unauthorized access from personnel working in the area,
that classified discussions are conducted on secure communications equipment,
and requiring that the emergency destruction plan is rehearsed and is practical
for execution. U.S. classified material in foreign countries will be stored
at:

Neutralization of lock-outs, or repair of any damage, that
affects the integrity of a security container approved for storage of classified
information, will be accomplished only by authorized persons who have been
the subject of a trustworthiness determination, in accordance with
AR 380-67
,
or are continuously escorted while so engaged.

(2)
The safe has been drilled immediately adjacent to or through
the dial ring to neutralize a lock-out, a replacement lock meeting
FF-L-2740A
is used, and the drilled hole is repaired with a tapered, hardened tool-steel
pin, or a steel dowel, drill bit, or bearing, with a diameter slightly larger
than the hole, and of such length that when driven into the hole there will
remain at each end of the rod a willow recess not less than ?;-inch
nor more than 3/16-inch deep to permit the acceptance of substantial
welds, and the rod is welded both on the inside and outside surfaces. The
outside of the drawer head must then be puttied, sanded, and repainted in
such a way that no visible evidence of the hole or its repair remains on the
outer surface.

MACOMs will establish procedures concerning repair and maintenance
of classified material security containers, vaults, and secure rooms, to include
a schedule for periodic maintenance. The following guidelines pertain to spotting
repair and maintenance problems that will be addressed outside the regular
maintenance schedule.

In addition to having combinations reset before turn-in (see
paragraph
7-8b(5)
), security equipment will be inspected before turn-in
or transfer to ensure that classified material is not left in the container.
The turn-in procedure will include removal of each container drawer
and inspection of the interior to make sure that all papers and other material
are removed and that the container is completely empty. Vaults, secure rooms,
incinerators, shredders, or other classified material destruction devices,
as well as the rooms in which they are located, will be thoroughly inspected
to make sure that no classified material remains. A written, signed record
certifying that this inspection has been accomplished and that no classified
material remains, will be furnished to the command security manager and filed
for two years.

This section provides the general construction standards for areas
approved for the open storage of classified information, general standards
for intrusion detection (alarm) systems (IDS) used in areas in which classified
information is stored, access control standards, and priorities for the replacement
of locks on security containers. Classified material will be stored to the
maximum extent feasible in GSA-approved security containers. Open storage
areas will only be approved when storage in other approved security containers
is not feasible due to the size, shape, or volume of material stored.

This section applies to open storage areas such as vaults and secure
rooms. It can also apply, at the MACOM's option, to other areas of security
interest, such as areas in which significant amounts of classified material
or especially sensitive material are routinely accessed. This section does
not apply to open storage of SAPs material. See appendix
I
and
AR 380-381
regarding open storage of SAPs material and information.

c.
In conjunction with subparagraph
(2)
, above, a personal identification number
(PIN) can be required. The PIN must be separately entered into the system
by each individual using a keypad device and will consist of four or more
digits, randomly selected, with no known or logical association with the individual.
The PIN must be changed or discontinued when it is believed to have been compromised,
subjected to compromise, or the individual no longer requires access.

Where deviations to the general open storage areas, vaults and strong
rooms, are approved by the MACOM or the Administrative Assistant to the Secretary
of the Army, for HQDA activities, the following standards, as a minimum, will
be satisfied and the areas will be certified as being designed to sufficiently
deter, detect, or delay entry, to unauthorized persons from gaining access
to the classified information stored therein.

e.
IDS. An IDS must be used (see standards in paragraph
7-12
) to provide
complete coverage of the entire open storage area. Minimum response time for
any area storing classified information is contained in paragraph
7-4a
.
Locations outside the United States and all areas that store information which
is of special risk of theft or espionage, or in areas of high risk, must seriously
consider reducing the minimum response time.

All newly purchased GSA approved security containers are equipped
with the electromechanical GSA-approved combination lock meeting Federal
Specification
FF-L-2740A
. New purchases of combination locks for
GSA-approved security containers, vault doors and secure rooms will
conform to Federal Specification FF-L-2740A. Existing mechanical
combination locks that do not meet this specification will not be repaired.
If they do fail, they will be replaced with locks meeting FF-L-2740A.
Army commands will be advised by HQDA of the policy concerning the retrofitting
of existing security containers with the new electromechanical locks meeting
Federal Specification FF-L-2740A. This section contains the recommended
general priorities for the lock retrofit program (See
figure 7-1
). In
accordance with the Army Intelligence Materiel Activity (AIMA), it is to be
implemented upon notification, or as command funds become available and upgrading
of locks is assessed as a component of the command security program. Where
individual situations are assessed as requiring a modification to the general
priorities, they can be made at command option, unless otherwise instructed
by HQDA. An individual situation could include a risk assessment of such factors
as amount of material held, sensitivity of the information, threat to the
information, environment in which the container is located, and depth of other
security features that control access to the container or area. Priorities
range from 1 to 4, with 1 being the highest and 4 the lowest.

Figure 7-1. Lock Replacement Priorities

Classified information will be transmitted and transported only
as specified in this Chapter. COMSEC information will be transmitted in accordance
with AR 380-40. Special Access Programs material will be transmitted
and transported in accordance with appendix
I
of this regulation,
AR 380-381
,
and applicable SAPs procedure guides. Commands will establish local procedures
to meet the minimum requirements to minimize risk of compromise while permitting
use of the most effective transmission or transportation means. External,
street side, collection boxes, for instance, U.S. Mail boxes, will not be
used for the dispatch of classified information. Commands will develop procedures
to protect incoming mail, bulk shipments, and items delivered by messenger,
until a determination is made whether classified information is contained
therein. Screening points will be established to limit access of classified
information to only cleared personnel.

NATO restricted material can be transmitted within the United States and to
designated APO/FPO addresses, by U.S. first class mail, single wrapped with a notation
on the envelope, "POSTMASTER: RETURN SERVICE REQUESTED." When to or from
areas outside the United States and APO/FPO addresses, NATO restricted material will be sent,
double-wrapped, to NATO addressees through United States or NATO member postal systems.

Classified information or material approved for release to a foreign
government, in accordance with
AR 380-10
, will be transferred between
authorized representatives of each government in compliance with the provisions
of this Chapter. Each contract, agreement, or other arrangement, that involves
the release of classified material to foreign entities, will either contain
detailed transmission instructions, or require that a separate transportation
plan be approved, by the appropriate security and transportation officials
and the recipient government, prior to release of the material. Transportation
plan requirements are outlined in paragraph
8-7h
. (See DOD TS-5105.21-M-2
for further guidance regarding SCI.)

Where applicable, commands will establish procedures for shipment
of bulk classified material as freight, to include provisions for shipment
in closed vehicles, when required, appropriate notice to the consignee concerning
the shipment, procedures at transshipment activities, and action to be taken
in case of non-delivery or unexpected delay in delivery. DA Form 1965
(Delivery and Pick Up Service) may be used as a manifest for delivery by courier
or messenger of sealed containers. The Top Secret and Secret contents will
have an attached receipt form to be completed by the recipient and returned
to the originator.

Other federal government agencies can require special certification
or special procedures before forwarding classified information to another
agency. Where that is the case, DA commands will comply with the requirements
of those agencies. Specifically, the Department of Energy (DOE) requires that
a "mail channel" be established prior to the transmission of
certain classified information from a DOE facility to another activity. The
mail channel, or material channel for transmission of material other than
mail, will be certified by a designated DA certification official, will be
made on DOE Form 5631.20 and will include the certified classified mailing
address. The certification official will be one of the officials authorized
to sign DOE Form 5631.20. See paragraph
6-17
, of this regulation, for
policy on personnel authorized to sign the DOE Form 5631.20. The DOE Form
5631.20 replaced DOE Form DP-277. It is recommended that the DOE facility
that holds the material be contacted for the proper address and information
to be completed on the form. Unless notified to the contrary by the DOE facility,
the mail or material channel may not exceed one year, subject to renewal of
the form.

b.
Many of the principles contained
in paragraph
8-14
, of this regulation, apply to all situations involving
the handcarrying of classified information and are not restricted to those
situations involving classified material handcarried outside the United States.
Commands will consider the principles stated in paragraph
8-13
in developing
command procedures concerning the handcarrying of classified material and
incorporate those that are deemed applicable to the handcarrying of classified
material within the United States.

(11)
Travel orders
(
DD Form 1610
) will identify the traveler by name, title, organization, and
include the traveler's passport or identification number. The travel orders
will describe the route to be taken by the traveler, the traveler's itinerary
can be attached for this purpose; describe the package to be carried by size,
weight, and configuration, but will not contain statements that identify the
package as containing classified material; reflect a date of issue and expiration;
and contain the name, title, and telephone number of an appropriate official,
within the traveler's command, who may be contacted to verify the authorization
to escort classified material. Courier orders will contain this same information,
in addition to a complete description of the material that is to be carried
and expiration of authorization to carry the material. Where possible, the
courier authorization should show the phone number of the U.S. embassy or
consulate, closest to the area that the traveler will enter the country, in
case the assistance of the U.S. State Department is needed in clearing customs.
As an alternative, the courier orders should show the name and phone number
of a point of contact at the activity located in the foreign country that
is to be visited. Courier orders will be signed by the official authorizing
the handcarrying of classified material.

Commanders will establish security education programs. These programs
will be aimed at promoting quality performance of security responsibilities
by command personnel, and will be tailored, as much as possible, to the specific
involvement of individuals in the information security program and the command's
mission. The programs will--

Security education must be a continuous, rather than periodic, influence
on individual security performance. Periodic briefings, training sessions,
and other formal presentations will be supplemented with other informational
and promotional efforts to ensure maintenance of continuous awareness and
performance quality. The use of job performance aids and other substitutes
for formal training, for example, video tapes or self-paced computer
programs, can be used when they are determined to be the most effective means
of achieving program goals. The circulation of directives or similar material
on a "read-and-initial" basis will not be considered
as fulfilling any of the specific requirements of this Chapter, because there
is no basis to gauge effectiveness.

Chapter
6
of this regulation contains the policy on the execution
of the Classified Information Nondisclosure Agreement (NDA)(
SF 312
). Individuals
who refuse to sign the form will be advised of the following:

Personnel who are not cleared for access to classified information
will be included in the security education program. Especially if they will
be working in situations where inadvertent access to classified information
might occur or they will have access to unclassified/sensitive information
which might be of value to intelligence collectors. They will be provided
with a brief explanation of the nature and importance of classified and sensitive
information and actions they should take if they discover classified information
unsecured, note an apparent security vulnerability, or believe they have been
contacted by an intelligence collector or other unauthorized individual seeking
to gain access to sensitive government information. Security training for
all DA personnel is the command's responsibility. Security education training
is useful in the understanding of why official information must be protected
and, therefore, inclusion of uncleared personnel in certain aspects of the
security education program is essential.

Security education programs will include efforts to maintain and
reinforce quality performance of security responsibilities. As a minimum,
all DA employees, especially those who have access to, create, process, or
handle classified/sensitive information, will be provided refresher training
in their responsibilities at least once a year. The actual frequency and nature
of continuing security education must be determined by the needs of, and outlined
in, the command's information security program and the nature of the command
personnel involvement in the program. As a minimum, all personnel will receive
annual refresher training that reinforces the policies, principles, and procedures,
covered in initial and specialized training. Refresher training will also
address the threat and the techniques employed by foreign intelligence activities
attempting to obtain classified information, and advise personnel of penalties
for engaging in espionage activities. Refresher training should also address
issues or concerns identified during unit self-inspections. Whenever
security policies and procedures change, personnel, whose duties would be
impacted by these changes, must be briefed as soon as possible.

b.
A foreign travel briefing
used to be only offered to those individuals who had access to classified
information.
AR 525-13
requires that all DA military and civilian personnel
pending travel outside the U.S. and its territories or possessions must attend
the Antiterrorism/Force Protection (AT/FP) Level I awareness training, prior
to departure from their current duty station. Training must be received within
6 months of departure date to the overseas area. It is the commander's responsibility
to ensure all DA military and civilain personnel are scheduled for and receive
this training prior to their departure. All DA military and civilian personnel
will not outprocess or depart on PCS, TDY, TCS, leave, or pass to an overseas
area without AT/FP training.

DA personnel in positions which require performance of specified
roles in the information security program will be provided security education
sufficient to permit quality performance of those duties. The training will
be provided before, concurrent with, or not later than six months following
assumption of those positions.

c.
DOD Handbook 5200.1-PH
can be used as
a reference by original classification authorities and personnel that assist
these officials. Many of the basic principles of making an original classification
decision have not changed since the publication of the handbook, and it may
be useful both as a training aid for newly designated original classification
authorities, as a reference in making original classification decisions, and
developing command level security classification guides. Excerpts from this
handbook appear as appendix
G
of this regulation.

DA personnel whose responsibilities include derivative classification,
will be trained in requirements and procedures appropriate to the information
and material they will be classifying, including the proper use of classification
guides and source documents. As a minimum, the training will address the following
questions:

Security managers, security staff members, and others with significant
responsibility for management of the information security program, will be
trained/educated to fulfill their roles. The Defense Security Service Academy,
formerly the Defense Security Institute (DSI), Baltimore Maryland, should
be contacted for advice in obtaining training and/or training aids. They can
be found on the Internet at
http://www.dss.mil/training/
. The training and
education should be tailored to suit their expected contributions to the program,
and will include at a minimum:

As stated in Chapter
6
, DA personnel will be briefed on the sensitivity
of Critical Nuclear Weapons Design Information (CNWDI) before access is granted.
The following is an example of a sample briefing for CNWDI access, and it,
or a version thereof, is suggested for use.

Commands will include in their security education programs, either
in the general program or as part of special briefings to select personnel
affected, provisions regarding special education and training for personnel
who:

DA commands will establish procedures to make sure that cleared
employees, who leave the command or whose clearance is terminated, receive
a termination briefing. See paragraph
6-5
of this regulation for more
detailed policy on termination briefings. This briefing will--

DA commanders will ensure that their security education programs
are appropriately evaluated during self-inspections and during oversight
activities of subordinate commands or organizational units. This evaluation
will include assessment of the quality and effectiveness of security education
efforts, as well as ensuring appropriate coverage of the target populations.
Commands will maintain a record of the programs offered and of the personnel
that participated. These records will be maintained for two years and will
be available for review during oversight inspections and assistance visits.
These evaluations will also be included in block 9 of the
SF 311
annual report.

When an incident of possible loss or compromise of classified information
is reported, the command will immediately initiate a preliminary inquiry into
the incident. If the information was in the custody of another activity at
the time of the possible compromise, that activity will be notified and will
assume responsibility for the preliminary inquiry. This preliminary inquiry
will be conducted according to these guidelines:

a.
If the conclusion of the preliminary inquiry
is as stated in paragraph
10-3d(2)
or
(4)
, (compromise could have occurred,
or compromise did occur and damage to the national security can result) the
official initiating the preliminary inquiry will immediately notify the originator
of the information or material involved. If the originator was not the original
classification authority, the OCA will also be immediately notified (see paragraph
10-5a
, below). If the originator cannot be determined, the command's
MACOM will be contacted for guidance. The MACOM will contact DAMI-CH,
for those cases in which the MACOM cannot direct the command to the appropriate
activity. Notification of the originator and original classification authority
will not be delayed pending completion of any additional inquiry or resolution
of other related issues.

b.
If the conclusion of the preliminary inquiry is as stated in paragraph
10-3d(2)
or
(4)
, the command will report the matter through command channels to its
MACOM, or to the Administrative Assistant to the Secretary of the Army (AASA)
for offices and activities under HQDA. The MACOM or the AASA will review the
report for completeness and adequacy of investigation and for the appropriateness
of the corrective action/sanctions taken. Such reports will be filed and retained
for a period no less than two years and are subject to HQDA or other appropriate
agency oversight. MACOMs and the AASA will establish policy and procedures
concerning whether or not there will be a forwarding of the reports of preliminary
inquiry when the conclusion is other than stated in paragraph
10-3d(2)
or
(4)
. Reports of preliminary inquiry will be included in the Command management
control review and oversight. If analysis shows that defects in the procedures
and requirements of this regulation, or another Army regulation or DOD directive,
contributed to the incident, MACOM, and the AASA officials will so advise
DAMI-CH. DAMI-CH officials will evaluate the incident and report
the conclusions, where deemed warranted, to DOD officials, if the problem
concerns a DOD requirement. Report defects in the procedures and requirements
regarding Army or other DOD SAPs directives, regulations, instructions, or
other regulatory guidance through command channels to DAMI-CH (SAP)
and DACS-DMP. If the problem concerns a DOD SAPs Directive, Instruction,
or other regulatory guidance, HQDA will report to the Director, Special Programs,
ODUSD(P).

In cases where a person has had unauthorized access to classified
information, it is advisable to discuss the situation with the individual
to enhance the probability that they will properly protect it. Whether such
a discussion, commonly called a "debriefing," is held, is to
be decided by the commander, security manager, or other designated official.
This decision must be based on the circumstances of the incident, what is
known about the person or persons involved, and the nature of the classified
information. The following general guidelines apply:

Additional investigation, beyond what is required by this Chapter,
such as an
AR 15-6
investigation, may be needed to permit application
of appropriate sanctions for violation of regulations, criminal prosecution,
or determination of effective remedies for discovered vulnerabilities. The
preliminary inquiry required by this Chapter, serves as a part of these investigations,
but notification of originators will not be delayed pending the completion
of these investigations.

When an individual, who has had access to classified information,
is absent without authorization, commits or attempts to commit suicide, or
is temporarily or permanently incapacitated, the command will inquire into
the situation to see if there are indications of activities, behavior, or
associations, that could indicate classified information might be at risk.
If so, the supporting counterintelligence organization will be notified. The
scope and depth of this preliminary inquiry will depend on the length of the
absence, factors leading to the actual or attempted suicide, or reasons and
causes for the incapacitation, and the sensitivity of the classified information
involved. See
AR 190-40
for further details.

DOD military and civilian personnel are subject to administrative
sanctions if they negligently disclose, to unauthorized persons, information
properly classified under
EO 12958
or any prior or subsequent order. Administrative
action against U.S. military personnel, under the Uniform Code of Military
Justice (UCMJ), can be pursued, but is not required. Administrative action
against civilian personnel can be pursued under U.S. Army civilian personnel
regulations, but is not required. No action is to be taken until a full inquiry
has been completed to determine the seriousness of the incident.

Whoever embezzles, steals, purloins, or knowingly converts to his
use or the use of another, or without authority, sells, conveys or disposes
of any record, voucher, money, or thing of value of the United States or of
any department or agency thereof, or any property made or being made under
contract for the United States or any department or agency thereof; or Whoever
receives, conceals, or retains the same with intent to convert it to his use
or gain, knowing it to have been embezzled, stolen, purloined or converted -
Shall be fined under this title or imprisoned not more than ten years, or
both; but if the value of such property does not exceed the sum of $1,000,
he shall be fined under this title or imprisoned not more than one year, or
both. The word "value" means face, par, or market value, or
cost price, either wholesale or retail, whichever is greater.

Whoever uses or permits the use of an aircraft or any contrivance
used, or designed for navigation or flight in the air, for the purpose of
making a photograph, sketch, picture, drawing, map, or graphical representation
of vital military or naval installations or equipment, in violation of
section
795
of this title, will be fined not more than $1,000 or imprisoned
not more than one year, or both. (June 25, 1948, ch. 645,62 Stat. 738.)

On and after thirty days from the date upon which the President
defines any vital military or naval installation or equipment as being within
the category contemplated under
section 795
of this title, whoever reproduces,
publishes, sells, or gives away any photograph, sketch, picture, drawing,
map, or graphical representation of the vital military or naval installations
or equipment so defined, without first obtaining permission of the commanding
officer of the military or naval post, camp, or station concerned, or higher
authority, unless such photograph, sketch, picture, drawing, map, or graphical
representation has clearly indicated thereon that it has been censored by
the proper military or naval authority, will be fined not more than $1,000
or imprisoned not more than one year, or both. (June 25, 1948, ch. 645,62
Stat. 738.)

Whoever, knowingly, and willfully communicates, furnishes, transmits,
or otherwise makes available to an unauthorized person, or publishes, or uses
in any manner prejudicial to the safety or interest of the United States or
for the benefit of any foreign government to the detriment of the United States
any classified information: (1) concerning the nature, preparation, or use
of any code, cipher, or cryptographic system of the United States or any foreign
government; or (2) concerning the design, construction, use, maintenance,
or repair or any device, apparatus, or appliance used or prepared or planned
for use by the United States or any foreign government for cryptographic or
communication intelligence purposes; or (3) concerning the communication intelligence
from the communications of any foreign government, knowing the same to have
been obtained by such processes - will be fined not more than $10,000
or imprisoned not more than ten (10) years, or both. (Added Oct 31, 1951,
ch. 655, section 24(a), 65 Stat. 719.)

Whoever, by virtue of his employment by the United States, obtains
from another or has or has had custody of or access to, any official diplomatic
code or any matter prepared in any such code, or which purports to have been
prepared in any such code, and without authorization or competent authority,
willfully publishes or furnishes to another any such code or matter, or any
matter which was obtained while in the process of transmission between any
foreign government and its diplomatic mission in the United States, shall
be fined under this title or imprisoned not more than ten years, or both.

Whoever, in any matter within the jurisdiction of any department
or agency of the United States, knowingly and willfully falsifies, conceals,
or covers up by any trick, scheme or device, a material fact or makes any
false fictitious or fraudulent statements or representations or makes or uses
any false writing or document knowing the same to contain any false, fictitious
or fraudulent statement or entry, will be fined not more than $10,000
or imprisoned not more than five (5) years, or both.

a.
Section 783 (b)
. It will be unlawful for any
officer or employee of the United States or any department or agency thereof,
or of any corporation the stock of which is owned in whole or in major part
by the United States or any department or agency thereof, to communicate in
any manner or by any means, to any other person whom such officer or employee
knows or has reason to believe to be an agent or representative of any foreign
government or an officer or member of any Communist organization as defined
in paragraph (5) of section 782 of this title, any information of a kind which
will have been classified by the President (or by the head of any such department,
agency, or corporation with the approval of the President) as affecting the
security of the United States, knowing or having reason to know that such
information has been so classified, unless such officer or employee will have
been specifically authorized by the President or by the head of the department,
agency or corporation by which this officer or employee is employed, to make
such disclosure of such information.

b.
Section 783 (d)
. Any person who violates any provision of this section
will, upon conviction thereof, be punished by a fine of not more than $10,000,
or imprisonment for not more than ten (10) years, or by both such fine and
such imprisonment, and will moreover, be thereafter ineligible to hold any
office, or place of honor, profit, or trust created by the Constitution or
laws of the United States.

AR 381-20.
The Army Counterintelligence Program

DCID 1/21.
Physical Security Standards for SCIFs

DCID 1/7.
Security Controls on the Dissemination of Intelligence Information

DCID 5/6.
Intelligence Disclosure Policy, and the National Policy and Procedures
for the Disclosure of Classified Military Information to Foreign Governments
and International Organizations
(abbreviated title: National Disclosure Policy 1 or NDP 1)

SF 700.
Security Container Information.
(Prescribed in para
7-8c
.) This form is available in paper through
the Federal Supply Service, Ft. Worth, TX Phone: 817-978-2051.

SF 701.
Activity Security Checklist.
(Prescribed in para
6-11
.) This form is available in paper through
the Federal Supply Service, Ft. Worth, TX Phone: 817-978-2051.

SF 702.
Security Container Check Sheet.
(Prescribed in para
6-10b
.) This form is available in paper
through the Federal Supply Service, Ft. Worth, TX Phone: 817-978-2051. The
electronic form is available at
http://web1.osd.mil/icdhome/sfeforms.htm

SF 703.
Top Secret Cover Sheet.
(Prescribed in para
6-10a
.) (This form is available in paper
through normal forms supply channels.)

This regulation implements the policy set forth in Executive Order
(E.O.) 12958
, Classified National Security Information, April 17, 1995, with
amendments, and Department of Defense Directive 5200.1-R, Information
Security Program, January 14, 1997. The following are reprints of Executive
Order (EO) 12958 and its supplements,
EO 12972
and
EO 13142
."

This Order prescribes a uniform system for classifying, safeguarding,
and declassifying national security information. Our democratic principles
require that the American people be informed of the activities of their Government.
Also, our nation's progress depends on the free flow of information. Nevertheless,
throughout our history, the national interest has required that certain information
be maintained in confidence in Order to protect our citizens, our democratic
institutions, and our participation within the community of nations. Protecting
information critical to our Nation's security remains a priority. In recent
years, however, dramatic changes have altered, although not eliminated, the
national security threats that we confront. These changes provide a greater
opportunity to emphasize our commitment to open Government.

NOW,
THEREFORE, by the authority vested in me as President by the Constitution
and the laws of the United States of America, it is hereby Ordered as follows:

a.
Subject to paragraph
b
, below, within five years
from the date of this Order, all classified information contained in records
that: (1) are more than 25 years old; and (2) have been determined to have
permanent historical value under
Title 44
, United States Code, will be automatically
declassified whether or not the records have been reviewed. Subsequently,
all classified information in such records will be automatically declassified
no longer than 25 years from the date of its original classification, except
as provided in paragraph
b
, below.

(4)
Other entities within the Executive
Office of the President that solely advise and assist the incumbent President
is exempted from the provisions of paragraph
a
, above. However, the Archivist
will have the authority to review, downgrade, and declassify information of
former presidents under the control of the Archivist pursuant to Sections
2107
,
2111
, 2111 note, or
2203 of Title 44
, United States Code. Review procedures
developed by the Archivist will provide for consultation with agencies having
primary subject matter interest and will be consistent with the provisions
of applicable laws or lawful agreements that pertain to the respective presidential
papers or records. Agencies with primary subject matter interest will be notified
promptly of the Archivist's decision. Any final decision by the Archivist
may be appealed by the requester or an agency to the Interagency Security
Classification Appeals Panel. The information will remain classified pending
a prompt decision on the appeal.

In response to a request for information under the Freedom of Information
Act, the Privacy Act of 1974, or the mandatory review provisions of this Order,
or pursuant to the automatic declassification or systematic review provisions
of this Order:

By the
authority vested in me as President by the Constitution and the laws of the United
States of America, and in Order to amend Executive Order No. 12958, it is hereby
Ordered that the definition of "agency" in Section 1.1.i of such
Order is hereby amended to read as follows: (i)"Agency" means
any "Executive agency" as defined in
5 USC 105
, any "Military
department" as defined in
5 USC 102
, and "any other entity within the
executive branch that comes into the possession of classified information."

By the authority vested in me as President by the Constitution
and the laws of the United States of America, and in order to extend and establish
specific dates for the time within which all classified information contained
in records more than 25 years old that have been determined to have historical
value under
title 44
, United States Code, should be automatically declassified,
and to establish the Information Security Oversight Office within the National
Archives and Records Administration, it is hereby ordered that Executive Order
12958 is amended as follows:

.
Sec. 3. Subsections (a) and (b) of section
5.2
are amended to read as follows:
"(a) The Director of
the Information Security Oversight Office, under the direction of the Archivist
of the United States and in consultation with the Assistant to the President
for National Security Affairs and the co-chairs of the Security Policy
Board, shall issue such directives as are necessary to implement this order.
These directives shall be binding upon the agencies. Directives issued by
the Director of the Information Security Oversight Office shall establish
standards for:

Intelligence information will be controlled and marked in accordance
with Director of Central Intelligence Directive (DCID) 1/7, "Security
Controls on the Dissemination of Intelligence Information", included
as
figure D-1
of this appendix, and future revisions. Control markings
as well as all other policy stipulated in DCID 1/7 apply solely to intelligence
information and not to other classified information. Except as specifically
stipulated in this appendix, intelligence information will be safeguarded
in the same manner as other types of classified information of the same classification
level.

It is the policy of the DCI that intelligence be produced in a way
that balances the need for maximum utility of the information to the intended
recipient with protection of intelligence sources and methods. The controls
and procedures established by this directive should be applied uniformly in
the dissemination and use of intelligence originated by all Intelligence Community
components in accordance with the following principles:

Originators of classified intelligence information should write
for the consumer. This policy is intended to provide for the optimum dissemination
of timely, tailored intelligence to consumers in a form that allows use of
the information to support all need to know customers.

The originator of intelligence is responsible for determining the
appropriate level of protection prescribed by classification and dissemination
policy. Originators shall take a risk management approach when preparing information
for dissemination.

This directive establishes policies, controls, and procedures for
the dissemination and use of intelligence information to ensure that, while
facilitating its interchange for intelligence purposes, it will be adequately
protected. This directive implements and amplifies applicable portions of
the directives of the Information Security Oversight Office issued pursuant
to Executive Order
(EO) 12958
and directives of the Security Policy Board
issued pursuant to EO 12958 and PDD-29.

Additionally, this directive sets forth policies and procedures
governing the release of intelligence to contractors and consultants, foreign
governments, international organizations or coalition partners consisting
of sovereign states, and to foreign nationals and immigrant aliens, including
those employed by the US Government.

Executive Order 12958
provides for the establishment of Special
Access Programs, including Sensitive Compartmented Information. DCID 3/29
provides procedures for the establishment and review of Special Access Programs
pertaining to intelligence activities and restricted collateral information.
Intelligence Community components may establish and maintain dissemination
controls on such information as approved under the policies and procedures
contained in DCID 3/29, this DCID, and implementing guidance.

Intelligence Community (and agencies within the Intelligence Community)
refers to the United States Government agencies and organizations and activities
identified in section 3 of the National Security Act of 1947, as amended,
50 USC 401a(4)
, and section 3.4(f) (1 through 6) of
Executive Order 12333
.

Intelligence information and related materials (hereinafter referred
to as "Intelligence") include the following information, whether
written or in any other medium, classified pursuant to
EO 12958
or any predecessor
or successor Executive Order:

Information describing US foreign intelligence and counterintelligence
activities, sources, methods, equipment, or methodology used for the acquisition,
processing, or exploitation of such intelligence; foreign military hardware
obtained through intelligence activities for exploitation and the results
of the exploitation; and any other data resulting from US intelligence collection
efforts; and,

"Need-to-know" is the determination by
an authorized holder of classified information that a prospective recipient
requires access to specific classified information in order to perform or
assist in a lawful and authorized governmental function. Such persons shall
possess an appropriate security clearance and access approval granted pursuant
to Executive Order 12968, Access to Classified Information.

Senior Official of the Intelligence Community (SOIC) is the head
of an agency, office, bureau, or other intelligence element as identified
in section 3 of the National Security Act of 1947, as amended,
50 USC 401a(4)
,
and section 3.4(f) (1 through 6) of
Executive Order 12333
.

A "tear line" is the place on an intelligence report
(usually denoted by a series of dashes) at which the sanitized version of
a more highly classified and/or controlled report begins. The sanitized information
below the tear line should contain the substance of the information above
the tear line, but without identifying the sensitive sources and methods.
This will permit wider dissemination, in accordance with the "need
to know" principle and foreign disclosure guidelines, of the information
below the tear line.

In support of the policy statement in section 1.0, classifiers of
intelligence information shall take a risk management approach when preparing
information for dissemination. In the interest of the widest possible dissemination
of information to consumers with a "need to know", classifiers
shall carefully consider the needs of all appropriate intelligence consumers
regarding sources and methods information or sensitive analytic comments and
use control markings only when necessary and in accordance with this directive,
using tear lines and other formats to meet consumer needs for intelligence.

In carrying out this policy, intelligence producers shall prepare
their reports and products at the lowest classification level commensurate
with expected damage that could be caused by unauthorized disclosure. When
necessary, the material should be prepared in other formats (e.g. tear line
form) to permit broader dissemination or release of information.

All material shall be portion marked to allow ready identification
of information that cannot be broadly disseminated or released, except for
material for which a waiver has been obtained under
EO 12958
.

Executive Order 12958
provides that classified information originating
in one US department or agency shall not be disseminated beyond any recipient
agency without the consent of the originating agency. However, to facilitate
use and dissemination of intelligence within and among Intelligence Community
components and to provide for the timely flow of intelligence to consumers,
the following controlled relief to the "third agency rule" is
hereby established:

Each Intelligence Community component consents to the use of its
classified intelligence in classified intelligence products of other Intelligence
Community components, including its contractors under section 6, and to the
dissemination of those products within executive branch departments/agencies
of the US Government, except as specifically restricted by controls defined
in this directive or other DCI guidance.

As provided in 5.1.1, classified intelligence that bears no restrictive
control markings may be given secondary US dissemination in classified channels
to any U.S. Executive Branch department/agency not on original distribution
if: (a) the intelligence has first been sanitized by the removal of all references
and inferences to intelligence sources and methods and the identity of the
producing agency; or (b) if the product is not so sanitized, the consent of
the originator has been obtained. If there is any doubt concerning a reference
or inference to intelligence sources and methods, relevant intelligence documents
should not be given secondary dissemination until the recipient has consulted
with the originator.

Any component disseminating intelligence beyond the Intelligence
Community assumes responsibility for ensuring that recipient organizations
agree to observe the need-to-know principle and the restrictions
prescribed by this directive, and to maintain adequate safeguards.

SOICs, or their designees, may release intelligence to appropriately
cleared or access-approved US contractors and consultants
(hereinafter "contractor") having a
demonstrated "need-to-know" without
referral to the originating agency prior to release provided that:

At the initiation of the contract, the SOIC or his/her designee
specifies and certifies in writing that disclosure of the specified information
does not create an unfair competitive advantage for the contractor or a conflict
of interest with the contractor's obligation to protect the information. If,
during the course of the contract, the contractor's requirements for information
changes to require new or significantly different information, the SOIC or
his/her designee shall make a new specification and certification. In cases
where the designated official cannot or does not resolve the issue of unfair
competitive advantage or conflict of interest, consent of the originator is
required;

Contractors are not authorized to disclose further or release intelligence
to any of their components or employees or to another contractor (including
subcontractors) without the prior written notification and approval of the
SOIC or his/her designee unless such disclosure or release is authorized in
writing at the initiation of the contract as an operational requirement;

Intelligence released to contractors, all reproductions thereof,
and all other material generated based on, or incorporating data therefrom
(including authorized reproductions), remain the property of the US Government.
Final disposition of intelligence information shall be governed by the sponsoring
agency;

National Intelligence Estimates (NIEs), Special National Intelligence
Estimates (SNIEs), and Interagency Intelligence Memoranda may be released
to appropriately cleared contractors possessing an appropriate level facility
clearance and need-to-know, except as regulated by provisions
concerning proprietary information as defined in sections
6.1.7
and
9.3
, below;

Except as provided in section
6.3
below, intelligence that bears the
control marking "CAUTION-PROPRIETARY INFORMATION
INVOLVED" (abbreviated "PROPIN" or "PR") may
not be released to contractors, unless prior permission has been obtained from the
originator and those providing the intelligence to the originator. Intelligence that
bears the control marking, "DISSEMINATION AND EXTRACTION OF INFORMATION CONTROLLED
BY ORIGINATOR" (abbreviated "ORCON") may only be released to
contractors within Government facilities. These control markings are further described
under sections
9.2
and
9.3
, below; and

Authorized release to foreign nationals or foreign contractors is
undertaken through established channels in accordance with sections 7 and
8, and DCID 5/6, Intelligence Disclosure Policy, and the National Policy and
Procedures for the Disclosure of Classified Military Information to Foreign
Governments and International Organizations (abbreviated title: National Disclosure
Policy 1 or NDP 1) to the extent consistent with DCIDs and other DCI guidance.

Contractors who perform duties inside a Government owned or controlled
facility will follow the procedures and policies of that sponsoring Intelligence
Community member in accordance with section
6.1
of this directive.

The SOIC of the sponsoring agency, or his/her designee, is responsible
for ensuring that releases to contractors of intelligence marked ORCON and/or
PROPIN are made only with the consent of the originating agency pursuant to
this directive and through established channels; (See sections
9.2
and
9.3
);

Contractors shall establish procedures to control all intelligence
received, produced, and held by them in accordance with the provisions of
the National Industrial Security Program Operating Manual. This will not impose
internal receipt and document accountability requirements for internal traceability
and audit purposes;

Sponsoring agencies shall delete any reference to the Central Intelligence
Agency (CIA), the phrase "Directorate of Operations" and any
of its components, the place acquired, the field number, the source description,
and field dissemination from all CIA Directorate of Operations reports passed
to contractors, unless prior approval to do otherwise is obtained from CIA.

It is the policy of the DCI that intelligence may be shared with
foreign governments, and international organizations or coalition partners
consisting of sovereign states to the extent such sharing promotes the interests
of the United States, is consistent with US law, does not pose unreasonable
risk to US foreign policy or national defense, and is limited to a specific
purpose and normally of limited duration. The release of intelligence to such
entities is subject to this directive, DCID 5/6, Intelligence Disclosure Policy,
and NDP 1 to the extent consistent with DCIDs and other DCI guidance.

Intelligence Community elements shall restrict the information subject
to control markings to the minimum necessary. If it is not possible to prepare
the entire report at the collateral, uncaveated level, IC elements shall organize
their intelligence reports and products to identify clearly information not
authorized for release to foreign entities.

The source or manner of acquisition of the intelligence (including
analytic judgments or techniques), and/or the location where the intelligence
was collected (if relevant to protect sources and methods) is not revealed
and cannot be deduced in any manner.

RESTRICTED DATA and FORMERLY RESTRICTED DATA may only be released
to foreign governments pursuant to an agreement for cooperation as required
by sections 123 and 144 of Public Law 585, Atomic Energy Act of 1954, as amended.

It is the policy of the DCI that no classified intelligence will
be shared with foreign nationals, foreign contractors, or international organizations
not consisting of sovereign states, except in accordance with the provisions
of this section.

Intelligence, even though it bears no restrictive control markings,
will not be released in any form to foreign nationals or immigrant aliens
(including those employed by, used by, or integrated into the US Government)
without the permission of the originator. In such cases where permission of
the originator has been granted, the release must be in accordance with DCID
5/6, and the NDP 1 to the extent consistent with DCIDs and other DCI guidance.

Release of intelligence to a foreign contractor or company under
contract to the US Government must be through the foreign government of the
country which the contractor is representing, unless otherwise directed in
government-to-government agreements or there is an appropriate
US channel for release of the information. Provisions concerning release to
foreign governments is contained in section
7.0
, above.

DCI policy is that the authorized control markings for intelligence
information in this section shall be individually assigned as prescribed by
an Original Classification Authority (OCA) or by officials designated by a
SOIC and used in conjunction with security classifications and other markings
specified by
Executive Order 12958
and its implementing directive(s). Unless
originator consent is obtained, these markings shall be carried forward to
any new format or medium in which the same information is incorporated.

To the maximum extent possible, information assigned an authorized
control marking shall not be combined with uncaveated information in such
a way as to render the uncaveated information subject to the control marking.
To fulfill the requirements of paragraph
9.6.1
below, SOICs shall establish
procedures in implementing directives to expedite further dissemination of
essential intelligence. Whenever possible, caveated intelligence information
reports should include the identity and contact instructions of the organization
authorized to approve further dissemination on a case-by-case
basis.

This marking (ORCON or abbreviated OC) may be used only on classified
intelligence that clearly identifies or would reasonably permit ready identification
of intelligence sources or methods that are particularly susceptible to countermeasures
that would nullify or measurably reduce their effectiveness. It is used to
enable the originator to maintain continuing knowledge and supervision of
distribution of the intelligence beyond its original dissemination. This control
marking may not be used when access to the intelligence information will reasonably
be protected by use of its classification markings, i.e., CONFIDENTIAL, SECRET
or TOP SECRET, or by use of any other control markings specified herein or
in other DCIDs. Requests for further dissemination of intelligence bearing
this marking shall be reviewed in a timely manner.

Information bearing this marking may be
disseminated within the headquarters and specified subordinate
elements of recipient organizations, including their contractors within Government
facilities. This information may also be incorporated in whole or in part
into other briefings or products, provided the briefing or intelligence product
is presented or distributed only to original recipients of the information.
Dissemination beyond headquarters and specified subordinate elements or to
agencies other than the original recipients requires advance permission from
the originator.

As ORCON is the most restrictive marking herein, agencies that originate
intelligence will follow the procedures established in the classified DCID
1/7 Supplement, "Guidelines for Use of ORCON Caveat."

"CAUTION-PROPRIETARY INFORMATION INVOLVED" (PROPIN). This marking is used, with or without
a security classification, to identify information provided by a commercial
firm or private source under an express or implied understanding that the
information will be protected as a proprietary trade secret or proprietary
data believed to have actual or potential value. This marking
may be used on government proprietary information only when the government
proprietary information can provide a contractor(s) an unfair advantage, such
as US Government budget or financial information. Information bearing this
marking shall not be disseminated outside the Federal Government in any form
without the express permission of the originator of the intelligence and provider
of the proprietary information. This marking precludes dissemination to contractors
irrespective of their status to, or within, the US Government without the
authorization of the originator of the intelligence and provider of the information.
This marking shall be abbreviated "PROPIN" or "PR."

"NOT RELEASABLE TO FOREIGN NATIONALS" - NOFORN
(NF). This marking is used to identify intelligence which an originator has
determined falls under the criteria of DCID 5/6, "Intelligence Which
May Not Be Disclosed or Released," and may not be provided in any
form to foreign governments, international organizations, coalition partners,
foreign nationals, or immigrant aliens without originator approval.

"AUTHORIZED FOR RELEASE TO..(name of country(ies)/international
organization)"(REL TO). This control marking is used when a limited exception to the marking
requirements in section
9.4
may be authorized to release the information beyond
US recipients. This marking is authorized only when the originator has an
intelligence sharing arrangement or relationship with a foreign government
approved in accordance with DCI policies and procedures that permits the release
of the specific intelligence information to that foreign government, but to
no other in any form without originator consent.

This directive does not restrict an authorized recipient of intelligence
at any level from directly contacting the originator of the intelligence to
ask for relief from a specific control marking(s) in order to further disseminate
intelligence material to additional users for which the authorized original
recipient believes there is a valid need-to-know. Authorized recipients
are encouraged to seek such further dissemination through normal liaison channels
for release to US Government agencies or contractors and through foreign disclosure
channels for foreign release, on a case-by-case basis, in order
to expedite further dissemination of essential intelligence.

Authorized recipients may obtain information regarding points of
contact at agencies that originate intelligence from their local dissemination
authorities or from instructions issued periodically by these intelligence
producers. Intelligence products often also carry a point of contact name/office
and telephone number responsible for the product. If no other information
is available, authorized recipients are encouraged to contact the producing
agency of the document to identify the official or office authorized to provide
relief from authorized control marking(s).

If there are any questions about whom to contact for guidance, recipients
are also encouraged to contact the Director of Central Intelligence (DCI)
representative at the Commander-in-Chief (CINC) Headquarters,
overseas mission, trade delegation, or treaty negotiating team under which
they operate.

A SOIC may authorize the use of additional security control markings
for Sensitive Compartmented Information (SCI), Special Access Program (SAP)
information, restricted collateral information, or other classified intelligence
information, consistent with policies and procedures contained in DCID 3/29
and this directive. A uniform list of security control markings authorized
for dissemination of classified information by components of the Intelligence
Community, and the authorized abbreviated forms of such markings, shall be
compiled in the central register maintained pursuant to DCID 3/29. The forms
of the markings and abbreviations listed in this register shall be the only
forms of those markings used for dissemination of classified information by
components of the Intelligence Community, unless an exception is specifically
authorized by a SOIC.

Certain emergency situations4 that involve an imminent threat to
life or mission warrant dissemination of intelligence to organizations and
individuals not routinely included in such dissemination. When the National
Command Authority (NCA) directs that an emergency situation exists, SOICs
will ensure that intelligence support provided to the ongoing operations conforms
with this directive, DCID 5/6, and NDP 1 to the maximum extent practical and
consistent with the mission.

Dissemination of intelligence under this provision is authorized
only if: (a) an authority designated by the military commander or civilian
official determines that adherence to this DCID reasonably is expected to
preclude timely dissemination to protect life or mission; (b) disseminations
are for limited duration and narrowly limited to persons or entities that
need the information within 72 hours to satisfy an imminent emergency need;
and (c) there is insufficient time to obtain approval through normal intelligence
disclosure channels.

The disclosing authority will report the dissemination through normal
disclosure channels within 24 hours of the dissemination, or at the earliest
opportunity thereafter as the emergency permits. For purposes of this provision,
planning for contingency activities or operations not expected to occur within
72 hours does not constitute "imminent" need that warrants
exercise of the emergency waiver to bypass the requirements of this DCID.

Any recipient desiring to disseminate intelligence in a manner contrary
to the control markings established by this directive must obtain the advance
permission of the agency that originated the intelligence. Such permission
applies only to the specific purpose agreed to by the originator and does
not automatically apply to all recipients. Producers of intelligence will
ensure that prompt consideration is given to recipients' requests with particular
attention to reviewing and editing, if necessary, sanitized or paraphrased
versions to derive a text suitable for release subject to lesser or no control
marking(s).

The control markings authorized above shall be shown on the title
page, front cover, and other applicable pages of documents; incorporated in
the text of electrical communications; shown on graphics; and associated (in
full or abbreviated form) with data stored or processed in automated information
systems. The control markings also shall be indicated by parenthetical use
of the marking abbreviations at the beginning or end of the appropriate portions
in accordance with
EO 12958
.

WNINTEL and NOCONTRACT. The control markings, Warning Notice -
Intelligence Sources or Methods Involved (WNINTEL), and NOT RELEASABLE TO
CONTRACTORS/CONSULTANTS (abbreviated NOCONTRACT or NC) were rendered obsolete
effective 12 April 1995. No permission of the originator is required to release,
in accordance with this directive, material marked WNINTEL. Holders of documents
prior to 12 April 1995 bearing the NOCONTRACT marking should apply the policies
and procedures contained in section
6.1
for possible release of such documents.

Remarking of material bearing the WNINTEL, or NOCONTRACT, control
marking is not required; however, holders of material bearing these markings
may line through or otherwise remove the marking(s) from documents or other
material.

Questions with respect to current applications of all control markings
authorized by earlier directives on the dissemination and control of intelligence
and used on documents issued prior to the effective date of this directive
should be referred to the agency or department originating the intelligence
so marked.

Violations of the foregoing restrictions and control markings that
result in unauthorized disclosure by one agency of the intelligence of another
shall be reported to the Director of Central Intelligence through appropriate
Intelligence Community channels.

SOICs shall be responsible for the implementation of internal controls
and shall conduct training to ensure that the dissemination and release policies
contained in this directive and the limitations on the use of control markings
are followed. SOICs shall assure that agency personnel are accountable for
the proper marking of classified information under this directive and section
5.6 of
EO 12958
.

SOICs shall establish challenge procedures by which US consumers
may register complaints about the misuse of control markings or the lack of
use of tear line reporting or portion marking. Information concerning such
challenges shall be provided to the Security Policy Board staff upon request
or for the annual review.

The Security Policy Board staff shall report to the DCI and Deputy
Secretary of Defense on Intelligence Community compliance with this directive,
including recommendations for further policies in this area. The report will
include an in-depth evaluation of the use of control markings in intelligence
reporting/production, including consumer evaluations and producer perspectives
on implementation of the directive. The report shall also include information
and statistics on challenges formally lodged pursuant to agency procedures
under section 1.9 of
Executive Order 12958
within and among intelligence agencies
on the use of control markings, including their adjudication and the number
of times the authority in section 10 was used and the documents provided.
In order to inform the Security Policy Board staff of substantive detail in
these areas for purposes of this review, Intelligence Community elements shall
respond to requests for information from the Security Policy Board staff.
Intelligence Community elements may build this program into their Self-Inspection
programs under EO 12958. The Security Policy Board staff shall also obtain
pertinent information on this subject from intelligence consumers as required.

Questions concerning the implementation of this policy and these
procedures shall be referred to the Community Management Staff.

/S/ 30 June 1998
Director of Central Intelligence
Date

ENDNOTES:

1
This directive supersedes DCID 1/7, dated 12 April
1995

2
Recipients will apprise originating agencies as
to which components comprise the headquarters element and identify subordinate
elements that may be included as direct recipients of intelligence information.

3
This provision is a requirement of the Trade Secrets Act, as amended
(
18 USC 1905
). The consent of the originator is required to permit release
of material marked CAUTION-PROPRIETARY INFORMATION INVOLVED, PROPIN,
or PR to other than federal government employees.

4
For the purposes
of implementing this portion of the DCID, "emergency situation" is defined as one of the following:

There are no special provisions for documents produced by Automated
Information Systems (AIS) which function as word processing systems. Documents
produced on an AIS will be marked like any other documents. For other AIS-generated
documents, special exceptions may apply where the application of the marking
requirements are not feasible. These exceptions are:

With advent of electronic mail (E-mail or e-mail), communication
between units and personnel has increased exponentially. However, with this
increase in e-mail, there is also a decrease in security awareness when
it comes to proper classification markings on these messages. Department of
the Army personnel take for granted that since they are communicating over
a classified LAN they do not have to use proper markings. This is incorrect.
Proper page and portion markings will be used on all correspondence just as
if it were a typed or hand-written paper. If the entire message, on
a classified LAN, is UNCLASSIFIED, it can be marked on its face, top and
bottom: "UNCLASSIFIED", and a statement added: "All portions
of this message are UNCLASSIFIED." No further markings are required. All other
classified messages will be marked according to chapter
4
of this regulation.

The availability and use of commercial e-mail programs within
the Department of the Army has added another potential for security violations.
These programs offer what is called "sensitivity" categories
for messages. The most commonly available categories are: (1) NORMAL; (2)
PERSONAL; (3) PRIVATE; and (4) CONFIDENTIAL. The use of this last category
could open the user to potential security violations since classified information
will not be sent over an unclassified system. The term "CONFIDENTIAL" is reserved strictly for classification purposes only. Therefore,
this sensitivity category will not be used on any e-mail, sent or received
on or by a government owned and/or operated machine and/or system.

One of the most popular, and convenient, forms of spreading
information about a unit or agency is to post it on the Internet. The cost
of "surfing" has diminished to the point where an overwhelming majority
of people have Internet access, not only at work, but also at home. It is
as common as the family television set. It is estimated that by the next millenium,
the majority of unit data exchange will be via Internet websites. It is for
this reason that measures need to be instituted now before it is too late.
For purposes of this appendix, the term "page" is used to represent
every webpage or file related to, and linked from, any files that contain
Department of Defense information on a unit or activity's Internet site, regardless
if it is on an unclassified or a classified LAN. This includes embedded items,
such as graphics, multimedia, etc.

Much as classified and unclassified documents are easily marked
and recognized, so must be unclassified webpages. For each unclassified Internet
homepage/website, a banner stating that the website contains only unclassified,
non-sensitive, and non-Privacy Act information is required as
the first page visitors will come to. A banner similar to the one at figure
E-1
will be used and no further markings are required.

Figure E-1. Unclassified Warning Banner

Homepages/websites, on a classified network, are the same thing
as pages in a classified document, especially after they have been printed
out. It is vitally important that proper marking and handling procedures are
implemented to reduce the risk of a security violation. For each classified
homepage/website, a banner similar to the one at
figure E-2
is required
on the first page visitors come to.

(7)
See appendix
D
, of this regulation,
for an explanation of portion marking certain intelligence control markings
(for instance, ORCON and PROPIN). Portion marking of those intelligence control
markings will follow the same policy as stated in this section of the regulation.

Figure E-3
, of this appendix, contains a memorandum, from
the Director of Information Systems for Command Control, Communications, and
Computers (DISC4), that provides guidance for the establishment and operation
of publicly accessible, non-restricted, U.S. Army World Wide Web websites
(Army websites). Publicly accessible, non-restricted Army websites will
only provide information that has been properly cleared for release. The organization's
leadership is responsible for the release of all information on the organization's
website.

Figure E-3. Guidance for Management of Publicly
Accessible U.S. Army Websites

Figure E-3. Guidance
for Management of Publicly Accessible U.S. Army Websites--Continued

Figure E-3. Guidance for Management of Publicly Accessible
U.S. Army Websites--Continued

Figure E-3. Guidance
for Management of Publicly Accessible U.S. Army Websites--Continued

Figure E-3. Guidance for Management of Publicly Accessible
U.S. Army Websites--Continued

Figure E-3. Guidance
for Management of Publicly Accessible U.S. Army Websites--Continued

Figure E-3. Guidance for Management of Publicly Accessible
U.S. Army Websites--Continued

Figure E-3. Guidance
for Management of Publicly Accessible U.S. Army Websites--Continued

Figure E-3. Guidance for Management of Publicly Accessible
U.S. Army Websites--Continued

The purpose of this checklist is to assist Command Security Managers
and Management Control Administrators (MCAs) in evaluating the key management
controls outlined below. It is not intended to cover all controls. It is to
be answered in a YES/NO/NA format. A negative response (NO) is to be explained
at the end of the question. The locations in bold are provided as reference
points within AR 380-5.

Answers must be based on the actual testing of key management controls
(e.g., document analysis, direct observation, sampling, simulation, etc.).
Answers that indicate deficiencies must be explained and corrective action
indicated in supporting documentation. These key management controls must
be formally evaluated at least once every five years. Certification that this
evaluation has been conducted must be accomplished on
DA Form 11-2-R
(Management Control Evaluation Certification Statement). All Department of
the Army units, with access to classified information, will develop and implement
an inspection program for annual inspections. This checklist can serve as
the base for the annual inspection and can include other questions as determined
by the agency or command performing the inspection. Inspection programs are
used to evaluate the effectiveness of these key management controls as well
as other requirements of this regulation as they apply to the command being
inspected.

U.S.
classification can only be applied to information that is owned by, produced
by or for, or is under the control of the United States Government. Does the
Original Classification Authority determine that the unauthorized disclosure
of the information reasonably could be expected to result in damage to the
national security, and that the information falls within one or more of the
categories specified in section 1.5 of
Executive Order 12958
?

Does the Original Classification
Authority determine that, if classification is applied or reapplied, there
is a reasonable possibility that the information will be provided protection
from unauthorized disclosure?

Once
a decision is made to classify, information will be classified at one of three
levels. For each level, is the Original Classification Authority able to identify
or describe the damage that unauthorized disclosure reasonably could be expected
to cause to the national security?

Does the Commander establish procedures through which
authorized holders of classified information, within their Commands, can challenge
a classification decision, and make sure that Command personnel are made aware
of the established procedures?

Is
information classified by other U.S. Executive Branch agencies or by foreign
governments or international organizations (including foreign contractors)
referred to the originating agency (or its successors in function) prior to
declassification? (In the case of a foreign government, refer to its legitimate
successor for a declassification decision.)

In accordance with
EO 12958
, the Army has identified
and proposed specific designated file series, with description and identification
of information in those file series, to be exempt from the 25-year automatic
declassification.

Are documents that are exempted from automatic
declassification after 25 years, marked with the designation "25X",
followed by the number of the exemption category (see categories listed in
paragraph
3-6e
), or by a brief reference to the pertinent exemption?

Is classified
information upgraded to a higher level of classification only by officials
who have been delegated the appropriate level of Original Classification Authority?
Do they also notify holders of the change in classification?

Is classified material destroyed
completely to preclude recognition or reconstruction of the classified information
contained in or on the material? Is destruction accomplished in accordance
with the guidelines outlined in this regulation?

Are all unclassified Army records,
including For Official Use Only (FOUO), regardless of media, and all classified
Army records through SECRET, marked according to the MARKS system, to include
disposition instructions?

When classified information is contained
in equipment, hardware, AIS media, or on film, tape, or other audiovisual
media, or in another form not commonly thought of as a document, is the marking
provisions of this regulation met in a way that is compatible with the type
of material?

"For Official Use Only (FOUO)"is a designation that is applied to unclassified information, which
is exempt from mandatory release to the public under the Freedom of Information
Act (FOIA). The FOIA specifies nine categories of information which can be
withheld from release if requested by a member of the public.

Is access to RD (less CNWDI) and FRD by DA personnel
at Army facilities, under the same conditions as for all other classified
information, based on the appropriate security clearance and need-to-know
for the information?

Do
Commands that access, process, or store classified information establish a
system of security checks at the close of each working day to ensure that
all classified material is properly secured? Is Standard Form 701 used to
record these checks?

Have
Commands developed plans for the protection, removal, and destruction of classified
material in case of fire, flood, earthquake, other natural disasters, civil
disturbance, terrorist activities, or enemy action, to minimize the risk of
its compromise?

Is
classified information only discussed, in telephone conversations, over secure
communication equipment, such as a STU-III, and circuits approved for
transmission of information at the level of classification being discussed?

Are storage containers and information
processing equipment, which had been used to store or process classified information,
inspected by cleared personnel before removal from protected areas or before
unauthorized persons are allowed unescorted access to them?

When a DA command wishes to be authorized
to serve as the security sponsor for an association-related classified
meeting, have they made the request, through command channels, to DAMI-CH,
and is it received at least 120 days in advance of the meeting?

Does the Command have security procedures
that prescribe the appropriate safeguards to prevent unauthorized access to
non-COMSEC-approved equipment, that are used to process classified
information, and replace and destroy equipment parts, pursuant to the level
of the classified material contained therein, when the information cannot
be removed from them?

Has the Command established procedures
to control all SECRET and CONFIDENTIAL information and material originated,
received, distributed, or routed to subelements within the command, and all
information disposed of by the command by transfer of custody or destruction?

Are
classified documents and materials destroyed by burning or, when meeting the
standards contained in Chapter
3
, of this regulation, by melting, chemical
decomposition, pulping, pulverizing, cross-cut shredding, or mutilation,
sufficient to preclude recognition, or reconstruction of the classified information?

Have
there been unapproved modifications or repairs to security containers and
vault doors? (Considered a violation of the container's or door's integrity
and the GSA label will be removed.) If so, has the GSA label been removed?

Is classified information or material
approved for release to a foreign government in accordance with
AR 380-10
?
Will it be transferred only between authorized representatives of each government
in compliance with the provisions of Chapter 8, of this regulation?

Where applicable, have Commands established
procedures for shipment of bulk classified material as freight, to include
provisions for shipment in closed vehicles when required, appropriate notice
to the consignee concerning the shipment, procedures at transshipment activities,
and action to be taken in case of non-delivery or unexpected delay in
delivery?

When
classified information is transmitted, is it enclosed in two opaque, sealed
envelopes, wrappings, or containers, durable enough to properly protect the
material from accidental exposure and to ease in detecting tampering, except
where exempted by paragraph
8-9
?

Is handcarrying of classified material limited to situations
of absolute necessity and carried out to make sure it does not pose an unacceptable
risk to the information, IAW the provisions of paragraph
8-12
, of this
regulation?

Are personnel who are not cleared
for access to classified information included in the security education program
if they will be working in situations where inadvertent access to classified
information might occur or they will have access to unclassified information
which might be of value to intelligence collectors?

Are DA personnel, who are in positions which
require performance of specified roles in the Information Security Program,
provided security education sufficient to permit quality performance of those
duties? Is the training provided before, concurrent with, or not later than
six months following assumption of those positions?

Are
all DA personnel, whose responsibilities include derivative classification,
trained in requirements and procedures appropriate to the information and
material they will be classifying, to include the proper use of classification
guides and source documents?

Does Command include in their security education programs,
either in the general program or as part of special briefings to select personnel
affected, provisions regarding special education and training for personnel
who:

When notified of possible or actual
compromise, has the holder of that information or material ensured that the
original classification authority, responsible for each item of information,
is notified of the incident?

This appendix is designed to assist you in evaluating your management
controls. Please submit any comments and/or suggestions to the following address:
DEPARTMENT OF THE ARMY DAMI-CHS, 2511 Jefferson Davis Highway, Suite
#9300, Arlington, VA 22202-3910

The matrix below (
table F-1
) shows file titles and dispositions
for records created and maintained under the purview of this regulation. The
matrix will assist users to determine how long to keep the records in the
current file areas (CFA) and when to transfer them to the Record Holding Area
(RHA) or destroy them. The chart at
table F-2
gives an expanded description
of which files fall under what MARKS number.

Table F-1.
File Titles and Dispositions for Records

Organizational Level

MARKS
Number

File Title

NARA
Authority

Privacy Act
Systems Notice

A

B

C

D

E

F

G

380

General security correspondence files (no longer needed for current
operations)

Description: Information on classified material,
to include Sensitive Compartmented Information (SCI), and security briefing
and debriefing of personnel authorized access to classified material. Included
are briefing statements, debriefing statements and certificates, and related
information.

Disposition: Destroy 2 years after transfer or
separation of person.

FN: 380-5b

Title: Security inspections and surveys

Authority: NN-173-72

Privacy Act: Not applicable

Description: Information on inspections and surveys
that are conducted by security officers. This includes SCI security inspections
and surveys, and routine after-duty-hours security inspections
conducted under the supervision of a security officer to decide the adequacy
of measures taken to protect security information against the hazards of fire,
explosion, sabotage, and unauthorized access. Included are reports, recommendations,
and related information.

Disposition: Destroy after next comparable inspection
or survey.

FN: 380-5d

Title: Classified material access files

Authority: NN-166-204

Privacy Act: OPM/GOVT-1

Description: Information showing authorization
to have access to classified files. This includes forms containing person's
name and signature, classification of files concerned, information desired,
signature of an official authorizing access, and similar data.

Disposition: Destroy on transfer, reassignment,
or separation of the person, or when obsolete.

FN: 380-5g

Title: Classified Information Nondisclosure Agreement
(NDA)

Authority: GRS 18, Item 25

Privacy Act: A0380-67DAMI

Description: Copies of nondisclosure agreements;
such as
SF 312
or SF 189 and DD Form 1847-1 (Sensitive Compartmented
Information Nondisclosure Statement/SCI NDA or similar forms; signed by military
or civilian personnel including employees of contractors, licensees, or grantees
with access to information that is classified under standards put forth by
Executive Orders governing security classification. These forms should be
maintained separately from personnel security clearance files. Agreements
for civilian employees working for elements of the intelligence community
must be maintained separately from the official personnel folder. For all
other persons, these forms may be filed in the individual's official military
personnel folder (for uniformed military personnel) or on the right side of
the official personnel folder (for civilian employees).

Disposition: a. If maintained separately from the
individual's official personnel folder. Destroy when 70 years old.

b. If maintained in the individual's official personnel
folder. Apply the disposition for the official personnel folder.

FN: 380-5j

Title: TOP SECRET document records

Authority: GRS 18, Item 5b

Privacy Act: A0001DAMI

Description: Information used to record the names
of persons having had access to TOP SECRET information and copies of extracts
distributed.

Disposition: Destroy when related document is downgraded,
transferred, or destroyed.

FN: 380-5k

Title: Security classification files

Authority: NC1-AU-78-117

Privacy Act: Not applicable

Description: Information relating to the security
classification or grading system involving the classification or downgrading
of information. Included are correspondence or memorandums and reports on
security classification. It excludes other files described in this record
series.

Disposition: a. Offices in charge of issuance:
Destroy 10 years after final declassification action.

Description: Forms and other types of information
that show the destruction of classified information.

Disposition: Destroy after 2 years, or earlier
when approved by HQDA (DAMI-CIS) WASH DC 20310.

FN: 380-5r

Title: Security information exchanges

Authority: NC1-AU-78-117

Privacy Act: Not applicable

Description: Information on the exchange of security
classified information with other Government agencies, industry, and foreign
governments. Included are correspondence on the exchange of information, exchange
agreements, and related information.

Disposition: Destroy after 20 years.

FN: 380-5s

Title: Security compromise cases

Authority: NC1-330-76-1

Privacy Act: Not applicable

Description: Information on investigations of alleged
security violations. Included are SCI security violations such as missing
information, unauthorized disclosure of information, unattended open security
containers, and information not properly safeguarded.

Disposition: Destroy 2 years after completion of
final corrective or disciplinary action. Records of violations of a sufficiently
serious nature to be classified as felonies are permanent.

FN: 380-5u

Title: Security equipment files

Authority: NN-166-204

Privacy Act: Not applicable

Description: Information gathered for the determination
of uses and types of security equipment for protecting classified information
and materials. They include safes, alarm systems, and other security equipment.

Disposition: Destroy after 10 years. Destroy exceptions
to storage standards 10 years after termination of the exception.

FN: 380-5w

Title: Security regrading cases

Authority: NC1-AU-78-117

Privacy Act: Not applicable

Description: Information on the review of specific
classified information or equipment for the purpose of regrading the information
or equipment.

Disposition: a. Offices in charge of regrading:
Destroy after 15 years.

b. Other offices: Destroy after 3 years.

FN: 380-5x

Title: Security information access cases

Authority: NC1-AU-78-117

Privacy Act: A0380-67DAMI

Description: Information on the review of specific
requests for access to classified files or equipment for purposes of research
and study.

Disposition: a. Offices having Army-wide
responsibility: Destroy after 20 years.

b. Other offices: Destroy after 2 years.

FN: 380-5y

Title: Security information releases

Authority: NCI-AU-78-117

Privacy Act: Not applicable

Description: Information on the review of classified
or potentially classified documentary materials for dissemination of information
to sources outside the Army, such as the review of manuscripts, photography,
lectures, radio, and television scripts, and other materials.

Disposition: a. Offices having Army-wide
responsibility: Destroy after 20 years.

b. Other offices: Destroy after 2 years.

FN: 380-5z

Title: Noncryptographic registered document accounts

Authority: II-NNA-1002

Privacy Act: A0001DAMI

Description: Information showing the accountability
of non-Army noncryptographic registered information. Included are semiannual
inventory or report of transfer, transfer reports, and similar information.

Disposition: Destroy when superseded by a new report
if all information referred to is accounted for either by a report of destruction
or inclusion in the new report.

FN: 380-5aa

Title: TOP SECRET material accountability

Authority: GRS 18, Item 5a

Privacy Act: A0001DAMI

Description: Information showing the identity,
receipt, dispatch, downgrading, source, movement from one office to another,
destruction, and current custodian of all TOP SECRET material for which the
TOP SECRET control office is responsible.

Disposition: Destroy 5 years after all items on
each page have been destroyed, downgraded, dispatched, or when entries are
transferred to a new page.

FN: 380-5bb

Title: Industrial information security

Authority: NC1-AU-83-28

Privacy Act: Not applicable

Description: Information on the protection of classified
information in the possession of industry, including information on the issuance
of clearance certificates, and related information.

Disposition: Permanent.

FN: 380-5dd

Title: Activity Entry and Exit Inspection Program

Authority: GRS 18, Item 8

Privacy Act: Not applicable

Description: Documents collected at MACOMs, SUBMACOMs,
and Staff agencies in the conduct of an inspection program to deter and detect
unauthorized introduction or removal of classified material from DOD owned
or leased installations and facilities. Included are--

a. The date(s) and number of entry and exit inspections
conducted by the activity and subordinate elements during the previous quarter.

b. The number of instances during the quarter when
persons handcarried classified information without apparent authorization.

c. Problems encountered in the conduct of the
entry and exit inspection program.

Note: Use FN 380-5s to file information on
investigations on alleged security violations.

Disposition: Cut off at end of calendar year. Destroy
2 years after cut off.

FN: 380-150d

Title: Atomic information exchanges

Authority: NC1-AU-76-51

Privacy Act: Not applicable

Description: Information relating to requests from
various foreign governments or allies for atomic information, to include requests
for regulations, manuals, reports, and other related information.

f.
Figure G-1
is a reprint of
DODD 5200.1-H
. Note: Except for sections 1, 2, 6, and 7, the sample
guide contains only a sampling of topics that normally would be included.
Comments are enclosed in parentheses. References are to DODD 5200.1-R,
tailored as best as possible to this regulation.

Figure G-1. DOD Directive 5200.1-H

Figure G-1. DOD Directive 5200.1-H--Continued

Good security classification practice in an organization as large
and widespread as the Department of Defense, calls for the timely issuance
of comprehensive guidance regarding security classification of information
concerning any system, plan, program, or project; the unauthorized disclosure
of which reasonably could be expected to cause damage to the national security.
Precise classification guidance is prerequisite to effective and efficient
information security and can do much to assure that security resources are
expended to protect only that which truly warrants protection in the interests
of national security.
Executive Order 12958
(reference (a)) and its implementing
Information Security Oversight Office Directive No. 1 (reference (b)), provide
general requirements and standards concerning the issuance of security classification
guides.

Information is classified to assist in ensuring that it is provided
an appropriate level of protection. Therefore, it is essential that a classification
guide be concerned with identifying the specific items of information and
the level of protection required, as well as the time period for which protection
must be continued.

A classification guide should be issued as early as practical in
the life cycle of the classified system, plan, program or project. Any uncertainty
in application of the policies and procedures contained in DOD Regulation
5200.1-R, "Information Security Program," (reference
(c)), which implements the provisions of reference (a) and (b) within DOD,
will result in a less than satisfactory security classification guide. Accordingly,
the requirements of DOD 5200.1-R regarding classification, declassification,
downgrading, marking, and security classification guides should be reviewed
and understood before proceeding with the task of writing a security classification
guide.

DOD information that does not, individually or in compilation,
qualify for classification, must be reviewed in accordance with DOD Regulation
5400.7 (reference (d)), prior to its release outside DOD. In addition, such
information must also be reviewed for compliance with the provisions of Deputy
Secretary of Defense Memorandum, dated December 7, 1998 (reference (e)), prior
to its placement on any publicly accessible DOD web site.

Since the primary purpose of this Handbook is to provide assistance
to those who are responsible for the writing of a security classification
guide, some discussion of classification and declassification principles is
warranted.

The declassification decision determines duration of protection,
and is as important as the original classification determination. At the time
an item of information is classified, original classifiers shall:

Executive Order 12958
(reference (a)) does permit an original classifier
to provide for downgrading of classification to a lower level at predetermined
points in time, or upon the occurrence of specified events. You are encouraged
to specify in your guide, downgrading to a lower level of classification when
the lower level will provide adequate protection.

Before the actual writing of a security classification guide begins,
it is necessary to find out what, if any, classification guidance already
issued is applicable to items of information concerning the system, plan,
program or project for which the classification guide is being constructed.
Any existing guidance may affect your effort, and should be considered carefully.
Uniformity and consistency in the exercise of classification authority, especially
in the form of a security classification guide, are essential. Be alert to
conflicts between the guide you will be developing and any already approved
guide.

In some fields of interest, guides have been issued that apply to
a broad spectrum of activities. Such guides often are issued as DOD Instructions
through the DOD Directives System. DOD 5200.1-1 (reference (e)) provides
a listing of most guides issued within the Department of Defense. Many of
the listed guides are available from the Defense Technical Information Center.
Always check reference (e), but be aware that some classification guides are
too sensitive to be identified in that document. In addition, there may be
other classification guides issued along functional lines by activities outside
the Department of Defense that could have a bearing on your effort. Seek the
advice of those who have knowledge of classification in the subject area under
consideration or in closely related fields. If your activity has an information
security specialist, that individual may be a particularly valuable source
of advice and assistance.

Reasonable classification determinations cannot be made in the scientific
and technical field without analysis of what has been accomplished, and what
is being attempted and by whom. Make use of scientific and information services;
consult technical and intelligence specialists; obtain whatever assistance
is available from any proper source. Learn about the state-of-the-art,
the state of development and attainment in the field of work, and what is
known and openly published about it, including:

The subject matter of your guide must be looked at as a totality.
Decide what it does or seeks to accomplish that will result in a net national
advantage. Cover all the values, direct and indirect, accruing or expected
to accrue to the United States. In the final analysis, the decision to classify
will be related to one or more of the following factors, producing directly
or indirectly, the actual or expected net national advantage.

Making the analyses outlined in sections
C.3.2
and
C.3.3
above,
will lead to conclusions on the ways the effort will result in net national
advantage, and hence, what it is that requires classification to protect that
advantage. Although at this stage of the guide's preparation you are concerned
primarily with information relating to the overall effort, consideration must
be given to some of the more particular information or data such as that covering
performance capabilities, and possible vulnerabilities and weaknesses. Appendix
A
has been designed to help in that consideration.